CVE-2024-29189 (GCVE-0-2024-29189)
Vulnerability from cvelistv5 – Published: 2024-03-26 02:50 – Updated: 2024-08-05 20:27
VLAI
Title
ansys-geometry-core OS Command Injection vulnerability
Summary
PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.
Severity
7.4 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/ansys/pyansys-geometry/securit… | x_refsource_CONFIRM |
| https://github.com/ansys/pyansys-geometry/pull/1076 | x_refsource_MISC |
| https://github.com/ansys/pyansys-geometry/pull/1077 | x_refsource_MISC |
| https://github.com/ansys/pyansys-geometry/commit/… | x_refsource_MISC |
| https://github.com/ansys/pyansys-geometry/commit/… | x_refsource_MISC |
| https://bandit.readthedocs.io/en/1.7.8/plugins/b6… | x_refsource_MISC |
| https://github.com/ansys/pyansys-geometry/blob/52… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ansys | pyansys-geometry |
Affected:
>= 0.3.0, < 0.3.3
Affected: >= 0.4.0, < 0.4.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm"
},
{
"name": "https://github.com/ansys/pyansys-geometry/pull/1076",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ansys/pyansys-geometry/pull/1076"
},
{
"name": "https://github.com/ansys/pyansys-geometry/pull/1077",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ansys/pyansys-geometry/pull/1077"
},
{
"name": "https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc"
},
{
"name": "https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f"
},
{
"name": "https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html"
},
{
"name": "https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ansys:pyansys-geometry:0.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pyansys-geometry",
"vendor": "ansys",
"versions": [
{
"lessThan": "0.3.3",
"status": "affected",
"version": "0.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ansys:pyansys-geometry:0.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pyansys-geometry",
"vendor": "ansys",
"versions": [
{
"lessThan": "0.4.12",
"status": "affected",
"version": "0.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29189",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:24:46.363776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:31.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyansys-geometry",
"vendor": "ansys",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.3.0, \u003c 0.3.3"
},
{
"status": "affected",
"version": "\u003e= 0.4.0, \u003c 0.4.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T02:50:34.984Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm"
},
{
"name": "https://github.com/ansys/pyansys-geometry/pull/1076",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ansys/pyansys-geometry/pull/1076"
},
{
"name": "https://github.com/ansys/pyansys-geometry/pull/1077",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ansys/pyansys-geometry/pull/1077"
},
{
"name": "https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc"
},
{
"name": "https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f"
},
{
"name": "https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html"
},
{
"name": "https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428"
}
],
"source": {
"advisory": "GHSA-38jr-29fh-w9vm",
"discovery": "UNKNOWN"
},
"title": "ansys-geometry-core OS Command Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29189",
"datePublished": "2024-03-26T02:50:34.984Z",
"dateReserved": "2024-03-18T17:07:00.094Z",
"dateUpdated": "2024-08-05T20:27:31.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-29189",
"date": "2026-05-30",
"epss": "0.00118",
"percentile": "0.30308"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.\"}, {\"lang\": \"es\", \"value\": \"PyAnsys Geometry es una librer\\u00eda cliente de Python para el servicio Ansys Geometry y otros productos CAD Ansys. En el archivo src/ansys/geometry/core/connection/product_instance.py, al llamar directamente a este m\\u00e9todo _start_program, los usuarios podr\\u00edan explotar su uso para realizar operaciones maliciosas en la m\\u00e1quina actual donde se ejecuta el script. Esta vulnerabilidad se solucion\\u00f3 en 0.3.3 y 0.4.12.\"}]",
"id": "CVE-2024-29189",
"lastModified": "2024-11-21T09:07:45.657",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.4, \"impactScore\": 5.9}]}",
"published": "2024-03-26T03:15:13.150",
"references": "[{\"url\": \"https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/pull/1076\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/pull/1077\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/pull/1076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/pull/1077\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-29189\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-26T03:15:13.150\",\"lastModified\":\"2025-12-15T21:38:09.403\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.\"},{\"lang\":\"es\",\"value\":\"PyAnsys Geometry es una librer\u00eda cliente de Python para el servicio Ansys Geometry y otros productos CAD Ansys. En el archivo src/ansys/geometry/core/connection/product_instance.py, al llamar directamente a este m\u00e9todo _start_program, los usuarios podr\u00edan explotar su uso para realizar operaciones maliciosas en la m\u00e1quina actual donde se ejecuta el script. Esta vulnerabilidad se solucion\u00f3 en 0.3.3 y 0.4.12.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.4,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ansys:pyansys_geometry:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.3.0\",\"versionEndExcluding\":\"0.3.3\",\"matchCriteriaId\":\"9D2790C5-7621-470E-8F46-CD14E1C84737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ansys:pyansys_geometry:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.4.0\",\"versionEndExcluding\":\"0.4.12\",\"matchCriteriaId\":\"C4A9FEDE-8D55-4CFE-864E-4D501F54CB43\"}]}]}],\"references\":[{\"url\":\"https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/pull/1076\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/pull/1077\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/pull/1076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/pull/1077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm\", \"name\": \"https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/pull/1076\", \"name\": \"https://github.com/ansys/pyansys-geometry/pull/1076\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/pull/1077\", \"name\": \"https://github.com/ansys/pyansys-geometry/pull/1077\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc\", \"name\": \"https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f\", \"name\": \"https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html\", \"name\": \"https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428\", \"name\": \"https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:10:54.820Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29189\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-05T20:24:46.363776Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ansys:pyansys-geometry:0.3.0:*:*:*:*:*:*:*\"], \"vendor\": \"ansys\", \"product\": \"pyansys-geometry\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.3.0\", \"lessThan\": \"0.3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ansys:pyansys-geometry:0.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"ansys\", \"product\": \"pyansys-geometry\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.4.0\", \"lessThan\": \"0.4.12\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-05T20:27:14.792Z\"}}], \"cna\": {\"title\": \"ansys-geometry-core OS Command Injection vulnerability\", \"source\": {\"advisory\": \"GHSA-38jr-29fh-w9vm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"ansys\", \"product\": \"pyansys-geometry\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.3.0, \u003c 0.3.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 0.4.0, \u003c 0.4.12\"}]}], \"references\": [{\"url\": \"https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm\", \"name\": \"https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/pull/1076\", \"name\": \"https://github.com/ansys/pyansys-geometry/pull/1076\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/pull/1077\", \"name\": \"https://github.com/ansys/pyansys-geometry/pull/1077\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc\", \"name\": \"https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f\", \"name\": \"https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html\", \"name\": \"https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428\", \"name\": \"https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-26T02:50:34.984Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-29189\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-05T20:27:31.415Z\", \"dateReserved\": \"2024-03-18T17:07:00.094Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-03-26T02:50:34.984Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…