CVE-2024-29189: ansys-geometry-core OS Command Injection vulnerability
A subprocess call with shell=True was identified (the pattern flagged by Bandit check B602); passing a command string to a shell lets shell metacharacters in any interpolated value change the command, which is an OS command injection risk.
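The defect class this advisory names, as an added example that is not code from pyansys-geometry: a hypothetical launcher that builds a command from a caller-supplied executable path, first as a single string for shell=True and then as an argument list with shell=False, plus a child-process check showing that list arguments arrive intact and unexpanded. The function names, the --port flag and the sample path are assumptions.

```python
import json
import shlex
import subprocess
import sys


def build_command_unsafe(exe_path: str, port: int) -> str:
    # Risky pattern (Bandit B602): one string handed to a shell, so spaces,
    # quotes and metacharacters inside exe_path are interpreted by the shell
    # instead of being passed through as part of the path.
    return f"{exe_path} --port {port}"


def build_command_safe(exe_path: str, port: int) -> list[str]:
    # Hardened form: an argv list run with shell=False (the default), so each
    # element reaches the program as exactly one literal argument.
    return [exe_path, "--port", str(port)]


def shell_would_split(cmd: str) -> list[str]:
    # Approximates POSIX shell word splitting of the unsafe string, to show
    # that argument boundaries are lost before the program ever starts.
    return shlex.split(cmd)


def argv_seen_by_child(args: list[str]) -> list[str]:
    # Runs a real child (this Python interpreter) with shell=False and returns
    # the argv it received: no splitting, no $VAR expansion, no ';' handling.
    proc = subprocess.run(
        [sys.executable, "-c",
         "import sys, json; print(json.dumps(sys.argv[1:]))", *args],
        shell=False, check=True, capture_output=True, text=True,
    )
    return json.loads(proc.stdout)


if __name__ == "__main__":
    path = "/opt/my tools/geom"  # constructed sample path containing a space
    print("unsafe string tokenized by a shell:",
          shell_would_split(build_command_unsafe(path, 50051)))
    print("safe argv list:", build_command_safe(path, 50051))
    print("argv received by child:",
          argv_seen_by_child(build_command_safe(path, 50051)))
```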
References
- bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html
- github.com/advisories/GHSA-38jr-29fh-w9vm
- github.com/ansys/pyansys-geometry
- github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py
- github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc
- github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f
- github.com/ansys/pyansys-geometry/pull/1076
- github.com/ansys/pyansys-geometry/pull/1077
- github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm
- nvd.nist.gov/vuln/detail/CVE-2024-29189