CVE-2019-10800

Codecov prior to 2.0.16 does not sanitize gcov arguments in pypi/codecov

Identifiers

GHSA-h3qr-fjhm-jphw, CVE-2019-10800

Package Slug

pypi/codecov

Vulnerability

Codecov prior to 2.0.16 does not sanitize gcov arguments

Description

This affects the package codecov before 2.0.16. The vulnerability occurs because gcov arguments are not sanitized before being provided to the popen method.
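One way to handle a user-supplied gcov option string safely, as an added example (not codecov's own code and not the 2.0.16 patch): tokenise and allowlist the options, then give popen an argument list instead of a shell string. The names `build_gcov_argv`, `run` and `ECHO_ARGV`, the allowed character set and the sample option strings are assumptions made for illustration.

```python
import re
import shlex
import subprocess
import sys

# Assumption: characters a gcov option or its path value legitimately needs.
_ALLOWED_TOKEN = re.compile(r"[A-Za-z0-9_./=+:-]+")


def build_gcov_argv(gcov_exec, gcov_args, gcno_path):
    """Return an argv list for Popen; never a shell command string."""
    # shlex.split only tokenises (honouring quotes); nothing is executed.
    # It raises ValueError itself on unbalanced quotes.
    tokens = shlex.split(gcov_args)
    for tok in tokens:
        if not _ALLOWED_TOKEN.fullmatch(tok):
            raise ValueError("rejected gcov argument: %r" % tok)
    return [gcov_exec, "-pb", *tokens, gcno_path]


def run(argv):
    """Run argv without a shell and return its stdout."""
    proc = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True)
    return proc.stdout


# Constructed stand-in for gcov so the example runs offline:
# a child Python process that prints the arguments it received.
ECHO_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

if __name__ == "__main__":
    # Constructed, well-formed option string: accepted and split into argv.
    print(build_gcov_argv("gcov", "-b --object-directory=build/obj",
                          "src/a.gcno"))

    # Constructed option string carrying a shell metacharacter: rejected.
    try:
        build_gcov_argv("gcov", "-b; echo marker", "src/a.gcno")
    except ValueError as exc:
        print(exc)

    # Even unvalidated, list-form argv reaches the child as literal strings.
    print(run(ECHO_ARGV + ["-b;", "echo", "marker"]), end="")
```

The allowlist and the list-form call are independent layers: the first rejects unexpected input early, the second ensures no shell ever parses whatever does get through.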

Affected Versions

All versions before 2.0.16

Solution

Upgrade to version 2.0.16 or above.

Last Modified

2022-07-26
