CVE-2019-19010: Eval injection in Supybot/Limnoria
(updated )
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
References
- github.com/ProgVal/Limnoria
- github.com/ProgVal/Limnoria/commit/3848ae78de45b35c029cc333963d436b9d2f0a35
- github.com/ProgVal/Limnoria/wiki/math-eval-vulnerability
- github.com/advisories/GHSA-6g88-vr3v-76mf
- github.com/pypa/advisory-database/tree/main/vulns/limnoria/PYSEC-2019-102.yaml
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54CQM2TEXRADLE77VOMCPHL5PBHR3ZWJ
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P2AGND54UIJV3WHOYO2YINIXSDGAAPO
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRNOUHFEN75QAIKT4Y3HDN3TT5LSIWN2
- nvd.nist.gov/vuln/detail/CVE-2019-19010
Detect and mitigate CVE-2019-19010 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →