CVE-2022-34558

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in pypi/global-workqueue

Identifiers

GHSA-4vq7-8699-4xgc, CVE-2022-34558

Package Slug

pypi/global-workqueue

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.

Affected Versions

Version 1.4.1rc5

Solution

Upgrade to version 2.0.4 or above.

Last Modified

2022-08-09

source