CVE-2023-41334

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Mar 18, 2024
CWE ID 77

Summary

CVE-2023-41334 is a remote code execution vulnerability affecting version 5.3.2 of the Astropy core package for astronomy in Python. This issue arises due to insufficient input validation in the `TransformGraph().to_dot_graph` function. Malicious users can exploit this flaw by providing a command or a script file as a value to the `savelayout` argument. Although an error is raised, the command or script is executed successfully. Users are advised to update to version 5.3.3 to mitigate this risk.
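The following is an added example, not Astropy's code and not part of the original advisory: a static audit that flags `to_dot_graph` call sites in your own code where `savelayout` is anything other than a known layout name. The allowlist (`plain` plus the Graphviz layout program names) and the position of `savelayout` as the fourth positional parameter are assumptions, and `SAMPLE` is constructed input.

```python
import ast

# Assumption: "plain" plus the standard Graphviz layout program names.
SAFE_LAYOUTS = frozenset({"plain", "dot", "neato", "twopi", "circo",
                          "fdp", "sfdp", "osage", "patchwork"})

# Constructed sample of calling code to audit (not from any real project).
SAMPLE = '''
g.to_dot_graph(savefn="graph.png", savelayout="dot", saveformat="png")
g.to_dot_graph(savefn="out", savelayout=form["layout"])
g.to_dot_graph(savefn="out", savelayout="./layout.sh")
g.to_dot_graph(**opts)
'''

def _reason(value):
    """Explain why an AST node is unsafe as savelayout, or return None."""
    if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
        return "savelayout is not a string literal"
    if value.value not in SAFE_LAYOUTS:
        return f"savelayout {value.value!r} is not an allowlisted layout"
    return None

def audit_savelayout(source):
    """Return sorted (line, reason) pairs for risky to_dot_graph calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "to_dot_graph"):
            continue
        candidates = []
        # Assumption: savelayout is the 4th positional parameter.
        if len(node.args) > 3:
            candidates.append(node.args[3])
        for kw in node.keywords:
            if kw.arg is None:  # a **mapping could carry savelayout
                findings.append((node.lineno, "**kwargs may carry savelayout"))
            elif kw.arg == "savelayout":
                candidates.append(kw.value)
        for value in candidates:
            reason = _reason(value)
            if reason:
                findings.append((node.lineno, reason))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in audit_savelayout(SAMPLE):
        print(f"line {line}: {reason}")
```

A flagged call site is a place where untrusted input could reach `savelayout`; it still needs review after upgrading to 5.3.3.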
