CVE-2022-2054: Command Injection in Nuitka
Nuitka versions 0.8.4 and prior are vulnerable to command injection. A patch is available and is anticipated to be part of the 0.9 release.
References
- github.com/Nuitka/Nuitka/commit/1765ffce2a9ab859853210337390de242cd80712
- github.com/advisories/GHSA-4v3r-hqr9-69jf
- github.com/nuitka/nuitka
- github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad
- github.com/pypa/advisory-database/tree/main/vulns/nuitka/PYSEC-2022-209.yaml
- huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7
- nvd.nist.gov/vuln/detail/CVE-2022-2054