Advisories for Pypi/Simiki package

2021

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line of the component 'simiki/blob/master/simiki/config.py'.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line of the component 'simiki/blob/master/simiki/generators.py'.