CVE-2021-39229: Apprise vulnerable to regex injection with IFTTT Plugin
(updated )
Anyone publicly hosting the Apprise library and granting them access to the IFTTT notification service.
References
- github.com/advisories/GHSA-qhmp-h54x-38qr
- github.com/caronc/apprise
- github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py
- github.com/caronc/apprise/commit/e20fce630d55e4ca9b0a1e325a5fea6997489831
- github.com/caronc/apprise/pull/436
- github.com/caronc/apprise/releases/tag/v0.9.5.1
- github.com/caronc/apprise/security/advisories/GHSA-qhmp-h54x-38qr
- github.com/pypa/advisory-database/tree/main/vulns/apprise/PYSEC-2021-327.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-39229
Code Behaviors & Features
Detect and mitigate CVE-2021-39229 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →