CVE-2019-10800: Codecov does not sanitize gcov arguments
This affects the package codecov before 2.0.16. The vulnerability occurs because gcov arguments are not sanitized before being provided to the popen method, so shell metacharacters in those arguments are interpreted by the shell rather than passed to gcov.
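The defect class the advisory names, shown as an added illustration (this is not codecov's own code, and the flag allowlist and value pattern are constructed assumptions): the vulnerable pattern pastes caller-controlled text into a shell command string, while the hardened form validates each token and passes an argument vector to `subprocess` with no shell involved.

```python
import re
import shlex
import subprocess

# Constructed allowlist: the gcov flags this hypothetical wrapper will forward.
ALLOWED_GCOV_FLAGS = {"-a", "-b", "-c", "-f", "-l", "-n", "-o", "-p", "-r", "-s", "-u"}
# Constructed pattern for non-flag tokens (paths, object dirs): no shell metacharacters.
_SAFE_VALUE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/+-]*$")


def vulnerable_gcov_command(gcov_args):
    """The defect class from the advisory: caller-controlled text is pasted into a
    command string that a shell (os.popen / shell=True) will parse, so any ';',
    '|', '&' or '$(...)' inside gcov_args is executed instead of reaching gcov."""
    return "gcov " + gcov_args


def build_gcov_argv(gcov_args):
    """Hardened form: tokenize with shlex, validate every token, and return an
    argv list for subprocess.run(..., shell=False) so no shell ever sees the input.
    Raises ValueError on anything outside the allowlist or the value pattern."""
    argv = ["gcov"]
    for token in shlex.split(gcov_args):
        if token.startswith("-"):
            if token not in ALLOWED_GCOV_FLAGS:
                raise ValueError("disallowed gcov flag: %r" % token)
        elif not _SAFE_VALUE.match(token):
            raise ValueError("rejected gcov argument value: %r" % token)
        argv.append(token)
    return argv


def is_safe_gcov_args(gcov_args):
    """True if build_gcov_argv accepts the string (includes unbalanced-quote errors from shlex)."""
    try:
        build_gcov_argv(gcov_args)
    except ValueError:
        return False
    return True


def run_gcov(gcov_args, cwd="."):
    """Run gcov with a validated argument vector; shell=False is the default and must stay so."""
    argv = build_gcov_argv(gcov_args)
    return subprocess.run(argv, cwd=cwd, capture_output=True, text=True, check=False)
```

`run_gcov` requires gcov on PATH; the validation functions run without it.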
References
- github.com/advisories/GHSA-h3qr-fjhm-jphw
- github.com/codecov/codecov-python
- github.com/codecov/codecov-python/commit/2a80aa434f74feb31242b6f213b75ce63ae97902
- github.com/pypa/advisory-database/tree/main/vulns/codecov/PYSEC-2022-238.yaml
- nvd.nist.gov/vuln/detail/CVE-2019-10800
- snyk.io/vuln/SNYK-PYTHON-CODECOV-552149
Detect and mitigate CVE-2019-10800 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning.