Eve@0.0.5 vulnerabilities

Python REST API for Humans.

Direct Vulnerabilities

Known vulnerabilities in the Eve package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability / Vulnerable Version

  • Medium severity
Incorrect Type Conversion or Cast

Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast where different types are compared, leading to an invalid state. This issue makes the nested code block non-executable, producing invalid data.

How to fix Incorrect Type Conversion or Cast?

Upgrade Eve to version 2.0.4 or higher.

Vulnerable versions: [,2.0.4)

  • Critical severity
Arbitrary Code Injection

Eve is an open source Python REST API framework.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the where parameter, which is handled in the io/mongo/parser.py file.

Queries generated from user input were not fully traversed during sanitization. As a result, the blacklist for Mongo queries could be bypassed, allowing an attacker to manipulate $where queries to their advantage.

Vulnerable versions: [,0.7.5)