CVE-2020-36245

Code Injection in pypi/gramaddict

Identifiers

CVE-2020-36245

Package Slug

pypi/gramaddict

Vulnerability

Code Injection

Description

GramAddict allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port, e.g., by being on the same Wi-Fi network.

Affected Versions

All versions up to 1.2.3

Solution

Upgrade to version 1.2.4 or above.

Last Modified

2021-02-26

source