CVE-2017-1002157: modulemd uses an unsafe function for processing externally provided data

January 17, 2019 (updated September 24, 2024)

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

References

github.com/advisories/GHSA-jhjh-ghwx-6h7r
github.com/pypa/advisory-database/tree/main/vulns/modulemd/PYSEC-2019-153.yaml
github.com/xsuchy/modulemd
nvd.nist.gov/vuln/detail/CVE-2017-1002157
pagure.io/modulemd/issue/55

Detect and mitigate CVE-2017-1002157 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →