CVE-2023-40957

Name of the Vulnerable Software and Affected Versions Didotech srl Engineering & Lifecycle Management (aka pdm) versions 14.0 through 16.0

Description A SQL injection issue allows a remote authenticated attacker to execute arbitrary code via the request parameter in the models/base client.py component.

Recommendations For versions 14.0, 15.0, and 16.0, update to pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 respectively to resolve the issue. As a temporary workaround, consider restricting access to the models/base client.py component until a patch is applied.