Python-poetry

Poetry

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2022-36069

Exploit
  • EPSS 0.72%
  • Veröffentlicht 07.09.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 07:12:18

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL)....

7.3

CVE-2022-36070

  • EPSS 0.11%
  • Veröffentlicht 07.09.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 07:12:18

Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can ...

9.8

CVE-2022-26184

  • EPSS 0.6%
  • Veröffentlicht 21.03.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:53:33

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the ap...