PT-2020-14329 · Lookatme · Lookatme

Author: D0C-S4Vage · Published: 2020-10-26 · Updated: 2020-11-13

CVE-2020-15271

CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: lookatme versions prior to 2.3.0

Description: The issue affects users who render untrusted markdown with lookatme, potentially allowing malicious shell commands to be run automatically on their system. This is due to the automatic loading of the built-in "terminal" and "file_loader" extensions in affected versions.

Recommendations: For versions prior to 2.3.0, upgrade to version 2.3.0 or above. As a temporary workaround, consider manually deleting the lookatme/contrib/terminal.py and lookatme/contrib/file_loader.py files. It is also recommended to be aware of what is being rendered with lookatme to minimize potential risks.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2020-15271
GHSA-C84H-W6CR-5V8Q
PYSEC-2020-61

Affected Products

Lookatme