Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    PYSEC-2022-238

    Vulnerability from pysec - Published: 2022-07-13 12:15 - Updated: 2022-07-26 13:13
    VLAI
    Details

    This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.

    Impacted products
    Name purl
    codecov pkg:pypi/codecov
    Aliases
    To clipboard 

    {
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "codecov",
        "purl": "pkg:pypi/codecov"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2a80aa434f74feb31242b6f213b75ce63ae97902"
            }
          ],
          "repo": "https://github.com/codecov/codecov-python",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.1",
        "0.0.2",
        "0.0.3",
        "0.0.4",
        "0.0.5",
        "0.1.0",
        "0.1.1",
        "0.1.2",
        "0.2.0",
        "0.2.1",
        "0.2.2",
        "0.2.3",
        "0.3.0",
        "0.3.1",
        "0.3.2",
        "0.3.3",
        "0.3.4",
        "0.4.0",
        "0.4.1",
        "0.5.0",
        "0.5.1",
        "0.5.2",
        "1.0.0",
        "1.0.1",
        "1.0.2",
        "1.0.3",
        "1.1.0",
        "1.1.1",
        "1.1.10",
        "1.1.11",
        "1.1.12",
        "1.1.13",
        "1.1.2",
        "1.1.3",
        "1.1.4",
        "1.1.5",
        "1.1.6",
        "1.1.7",
        "1.1.8",
        "1.1.9",
        "1.2.1",
        "1.2.2",
        "1.2.3",
        "1.3.0",
        "1.3.1",
        "1.3.2",
        "1.3.3",
        "1.4.0",
        "1.4.1",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.6.1",
        "1.6.2",
        "1.6.3",
        "2.0.0",
        "2.0.1",
        "2.0.10",
        "2.0.11",
        "2.0.12",
        "2.0.13",
        "2.0.14",
        "2.0.15",
        "2.0.2",
        "2.0.3",
        "2.0.5",
        "2.0.7",
        "2.0.8",
        "2.0.9"
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10800",
    "SNYK-PYTHON-CODECOV-552149",
    "GHSA-h3qr-fjhm-jphw"
  ],
  "details": "This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.",
  "id": "PYSEC-2022-238",
  "modified": "2022-07-26T13:13:30.178958Z",
  "published": "2022-07-13T12:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://snyk.io/vuln/SNYK-PYTHON-CODECOV-552149"
    },
    {
      "type": "FIX",
      "url": "https://github.com/codecov/codecov-python/commit/2a80aa434f74feb31242b6f213b75ce63ae97902"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-h3qr-fjhm-jphw"
    }
  ]
}