cookiecutter@0.1 vulnerabilities

A command-line utility that creates projects from project templates, e.g. creating a Python package project from a Python package project template.

Direct Vulnerabilities

Known vulnerabilities in the cookiecutter package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Command Injection (severity: H)

cookiecutter is a command-line utility that creates projects from cookiecutters.

Affected versions of this package are vulnerable to Command Injection via hg argument injection. When the cookiecutter function is called from Python code with the checkout parameter, the value is passed to the hg checkout command in a way that allows additional flags to be set. Those additional flags can be used to perform a command injection.

How to fix Command Injection?

Upgrade cookiecutter to version 2.1.1 or higher.

Vulnerable versions: [,2.1.1)
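The weakness described above is a caller-supplied checkout value reaching a VCS command line where it can be parsed as an option rather than a revision. The following is an added, constructed example (not cookiecutter's own code or its actual fix) of the check a caller or wrapper can apply before invoking hg or git: reject any ref that starts with "-" or contains characters outside a strict allow-list, and place "--" before the positional argument. The function names, the allow-list regex and the assumption that both tools honor the "--" end-of-options convention are this example's own.

```python
import re
import subprocess
from typing import List

# Constructed allow-list for revision names: must start with an alphanumeric
# character, so a leading "-" can never reach argv. Deliberately strict; it
# rejects some refs hg/git would accept, which is the safe direction.
_SAFE_REF = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/\-]*$")


def is_safe_checkout_ref(ref) -> bool:
    """Return True only for refs that cannot be read as command-line options."""
    if not isinstance(ref, str) or not ref:
        return False
    # Anything starting with "-" would be parsed as a flag by hg or git.
    if ref.startswith("-"):
        return False
    return bool(_SAFE_REF.match(ref))


def build_checkout_argv(repo_type: str, ref: str) -> List[str]:
    """Build an argv list for a checkout, refusing unsafe ref values.

    Assumption (not from the advisory): both git and hg stop option parsing
    at "--", so even an unexpected value after it is treated as positional.
    """
    if repo_type not in ("git", "hg"):
        raise ValueError(f"unsupported repo type: {repo_type!r}")
    if not is_safe_checkout_ref(ref):
        raise ValueError(f"refusing unsafe checkout ref: {ref!r}")
    # Argument list form: no shell, so no shell metacharacter issues either.
    return [repo_type, "checkout", "--", ref]


def run_checkout(repo_dir: str, repo_type: str, ref: str) -> None:
    """Run the validated checkout inside repo_dir (raises on non-zero exit)."""
    subprocess.check_call(build_checkout_argv(repo_type, ref), cwd=repo_dir)
```

The allow-list is the primary control; the "--" separator is defence in depth for the case where validation is bypassed or relaxed later.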