CVE-2023-37659: xalpha vulnerable to Remote Code Execution
xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). User input is not validated as numeric before it is evaluated.
References
- github.com/advisories/GHSA-jx3q-5rgf-vrrr
- github.com/pypa/advisory-database/tree/main/vulns/xalpha/PYSEC-2023-116.yaml
- github.com/refraction-ray/xalpha
- github.com/refraction-ray/xalpha/commit/6dceaa159a1a319d750ade20a4595956876657b6
- github.com/refraction-ray/xalpha/issues/175
- nvd.nist.gov/vuln/detail/CVE-2023-37659