PT-2022-14753 · Nuitka+1 · Nuitka+1

Kayhayen · Published 2022-06-12 · Updated 2023-09-12 · CVE-2022-2054

CVSS v4.0: 8.5 (High)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

nuitka versions prior to 0.9

Description

The issue is related to code injection in the GitHub repository nuitka/nuitka. It is also referred to as a command injection vulnerability. A patch is anticipated to be part of the 0.9 release.

Recommendations

For versions prior to 0.9, update to version 0.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable component until a patch is available.

Exploit

Fix

Code Injection

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2022-2054
GHSA-4V3R-HQR9-69JF
PYSEC-2022-209
ROSA-SA-2023-2236

Affected Products

Debian
Nuitka