CVE-2020-15271, GHSA-c84h-w6cr-5v8q
pypi/lookatme
OS Command Injection
In lookatme, the package automatically loaded the built-in terminal and file_loader extensions. As a workaround, the lookatme/contrib/terminal.py and lookatme/contrib/file_loader.py files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.
All versions before 2.3.0
Upgrade to version 2.3.0 or above.
2020-11-16