CVE-2020-15271

OS Command Injection in pypi/lookatme

Identifiers

CVE-2020-15271, GHSA-c84h-w6cr-5v8q

Package Slug

pypi/lookatme

Vulnerability

OS Command Injection

Description

In lookatme versions before 2.3.0, the package automatically loaded the built-in terminal and file_loader extensions. As a workaround, the lookatme/contrib/terminal.py and lookatme/contrib/file_loader.py files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.

Affected Versions

All versions before 2.3.0

Solution

Upgrade to version 2.3.0 or above.
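A check for the state described above, as an added example that is not part of the advisory or the lookatme project: given a site-packages directory, it reports whether the installed lookatme is fixed, affected, or has had the workaround applied. It assumes a pip-style install with a lookatme-<version>.dist-info directory; the function names and the sample layouts (including version 2.2.5) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 3, 0)  # first fixed release, per the advisory
AUTOLOADED = ("terminal.py", "file_loader.py")  # files named in the workaround

def parse_version(text):
    """Leading numeric release as a tuple: '2.2.5' -> (2, 2, 5), '2.3' -> (2, 3, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    nums = tuple(int(p) for p in m.group(0).split(".")) if m else ()
    return nums + (0,) * (3 - len(nums))

def audit(site_packages):
    """Return (version, status, remaining_files), or None if lookatme is absent."""
    root = Path(site_packages)
    infos = sorted(root.glob("lookatme-*.dist-info"))
    if not infos:
        return None
    version = infos[0].name[len("lookatme-"):-len(".dist-info")]
    contrib = root / "lookatme" / "contrib"
    remaining = [f for f in AUTOLOADED if (contrib / f).is_file()]
    if parse_version(version) >= FIXED:
        status = "fixed"               # upgrade already done
    elif remaining:
        status = "affected"            # old version, extension files still present
    else:
        status = "workaround-applied"  # old version, both files deleted
    return version, status, remaining

def fake_install(root, version, files):
    """Build a constructed (not real) install layout for the demo below."""
    contrib = Path(root) / "lookatme" / "contrib"
    contrib.mkdir(parents=True)
    (Path(root) / f"lookatme-{version}.dist-info").mkdir()
    for name in files:
        (contrib / name).write_text("# placeholder\n")

if __name__ == "__main__":
    for version, files in [("2.2.5", AUTOLOADED), ("2.2.5", ()), ("2.3.0", AUTOLOADED)]:
        with tempfile.TemporaryDirectory() as tmp:
            fake_install(tmp, version, files)
            print(audit(tmp))
```

Deleting only one of the two files still reports "affected", with the remaining file listed.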

Last Modified

2020-11-16
