CVE-2023-41334

HIGH Year: 2023
CVSS v3 Score
8.4
High
Weakness Type
CWE-77
View all →

Vulnerability Description

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.

Related Vulnerabilities

CVE-2020-14433

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS...

CWE-772020

CVE-2020-14434

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RB...

CWE-772020

CVE-2020-35777

HIGH
CVSS:8.4(High)

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.

CWE-772020

CVE-2021-29069

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

CWE-772021

CVE-2021-29070

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and...

CWE-772021

CVE-2021-29072

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and...

CWE-772021