Homepage
About Snyk

astropy@2.0 vulnerabilities

Astronomy and astrophysics core library

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the astropy package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Command Injection

Affected versions of this package are vulnerable to Arbitrary Command Injection via the to_dot_graph() function's savelayout argument, which is passed to subprocess.Popen.

How to fix Arbitrary Command Injection?

Upgrade astropy to version 5.3.3 or higher.

[,5.3.3)
  • M
Arbitrary Code Execution

astropy is a package intended to contain much of the core functionality and some common tools needed for performing astronomy and astrophysics with Python.

Affected versions of this package are vulnerable to Arbitrary Code Execution. It bundles the CFITSIO open source software project which contains vulnerabilities that could allow a remote, unauthenticated attacker to take control of a server running the CFITSIO software.

How to fix Arbitrary Code Execution?

Upgrade astropy to version 3.0.1 or higher.

[,3.0.1)
Go back to all versions of this package