CVE-2020-25489: Heap Overflow in PyMiniRacer
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.
References
- blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it
- github.com/advisories/GHSA-vwcg-7xqw-qcxw
- github.com/pypa/advisory-database/tree/main/vulns/py-mini-racer/PYSEC-2020-93.yaml
- github.com/sqreen/PyMiniRacer
- github.com/sqreen/PyMiniRacer/commit/627b54768293ec277f1adb997c888ec524f4174d
- github.com/sqreen/PyMiniRacer/compare/v0.2.0...v0.3.0
- github.com/sqreen/PyMiniRacer/security/advisories/GHSA-vwcg-7xqw-qcxw
- nvd.nist.gov/vuln/detail/CVE-2020-25489