Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-1000802

Good to know:

icon

Date: September 17, 2018

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

Language: Python

Severity Score

Related Resources (16)

https://security.netapp.com/advisory/ntap-20230309-0002/
https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig
https://www.debian.org/security/2018/dsa-4306
https://nvd.nist.gov/vuln/detail/CVE-2018-1000802
https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
https://security-tracker.debian.org/tracker/CVE-2018-1000802
https://bugs.python.org/issue34540
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
https://usn.ubuntu.com/3817-1/
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000802
https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace
https://github.com/python/cpython/pull/8985
https://usn.ubuntu.com/3817-2/
https://mega.nz/#%21JUFiCC4R%21mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig
https://www.mend.io/vulnerability-database/CVE-2018-1000802

Severity Score

Weakness Type (CWE)

Command Injection

CWE-77

OS Command Injections

CWE-78

Top Fix

icon

Upgrade Version

Upgrade to version v2.7.16

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us