pysec-2019-102
Vulnerability from pysec
Published
2019-11-16 01:15
Modified
2020-08-24 17:37
Details

Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.

Impacted products
Name purl
limnoria pkg:pypi/limnoria
Aliases


To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "limnoria",
        "purl": "pkg:pypi/limnoria"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3848ae78de45b35c029cc333963d436b9d2f0a35"
            }
          ],
          "repo": "https://github.com/ProgVal/Limnoria",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2019.11.09"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2013-01-21T20:33:09+0100",
        "2013-01-23T17:11:52+0100",
        "2013-02-01T20:50:46+0100",
        "2013-02-02T19:59:03+0100",
        "2013-02-02T20:23:17+0100",
        "2013-02-08T17:40:57+0000",
        "2013-03-27T16:32:26+0100",
        "2013-05-09T12:47:53+0200",
        "2013-05-10T17:55:56+0200",
        "2013-05-14T20:16:05+0200",
        "2013-06-01T10:32:51+0200",
        "2013-07-19T09:11:08+0000",
        "2013-08-12T21:48:56+0200",
        "2013-09-11T19-27-10",
        "2013-12-23T17-51-15",
        "2014-01-12T15-52-10",
        "0.2016.03.21",
        "2014.03.03",
        "2014.05.08",
        "2014.05.17",
        "2014.05.29",
        "2014.06.04",
        "2014.06.26",
        "2014.07.19",
        "2014.10.09",
        "2014.11.24",
        "2014.12.07",
        "2014.12.22",
        "2015.03.10",
        "2015.04.29",
        "2015.05.20",
        "2015.07.08",
        "2015.08.17",
        "2015.08.29",
        "2015.09.16",
        "2015.10.04",
        "2015.11.30",
        "2015.12.02",
        "2015.12.12",
        "2016.01.05",
        "2016.02.23",
        "2016.02.24",
        "2016.03.21",
        "2016.03.21.1",
        "2016.03.21.2",
        "2016.05.06",
        "2016.06.27",
        "2016.06.29",
        "2016.08.07",
        "2016.09.26",
        "2016.10.01",
        "2016.10.02",
        "2016.11.28",
        "2016.12.08",
        "2017.01.10",
        "2017.03.30",
        "2017.08.03",
        "2017.08.18",
        "2017.10.01",
        "2018.01.25",
        "2018.04.14",
        "2018.06.20",
        "2018.06.25",
        "2018.09.01",
        "2018.09.09",
        "2018.12.19",
        "2019.02.14",
        "2019.02.21",
        "2019.02.21.1",
        "2019.02.22",
        "2019.02.23",
        "2019.05.28",
        "2019.08.25",
        "2019.09.08",
        "2019.10.22"
      ]
    }
  ],
  "aliases": [
    "CVE-2019-19010",
    "GHSA-6g88-vr3v-76mf"
  ],
  "details": "Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.",
  "id": "PYSEC-2019-102",
  "modified": "2020-08-24T17:37:00Z",
  "published": "2019-11-16T01:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/ProgVal/Limnoria/commit/3848ae78de45b35c029cc333963d436b9d2f0a35"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ProgVal/Limnoria/wiki/math-eval-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54CQM2TEXRADLE77VOMCPHL5PBHR3ZWJ/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P2AGND54UIJV3WHOYO2YINIXSDGAAPO/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRNOUHFEN75QAIKT4Y3HDN3TT5LSIWN2/"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-6g88-vr3v-76mf"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.