pandas@0.13.0 vulnerabilities

Powerful data structures for data analysis, time series, and statistics

latest version

2.2.3

first published

15 years ago

latest version published

3 months ago

licenses detected

BSD-2-Clause
[0.1,1.3.0)

View pandas package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pandas package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Arbitrary Command Execution pandas is a Python package providing data structures designed to make working with structured (tabular, multidimensional, potentially heterogeneous) and time series data both easy and intuitive. Affected versions of this package are vulnerable to Arbitrary Command Execution in the `pandas.DataFrame.query()` function, which is commonly exposed by applications to accept user input. Code can be injected into a Python expression, which will be executed with the privileges of the application. How to fix Arbitrary Command Execution? There is no fixed version for `pandas`.	[0,)
H SQL Injection pandas is a Python package providing data structures designed to make working with structured (tabular, multidimensional, potentially heterogeneous) and time series data both easy and intuitive. Affected versions of this package are vulnerable to SQL Injection via `sql.py`, due to improper input sanitization. How to fix SQL Injection? Upgrade `pandas` to version 0.16.0 or higher.	[,0.16.0)

Arbitrary Command Execution

pandas is a Python package providing data structures designed to make working with structured (tabular, multidimensional, potentially heterogeneous) and time series data both easy and intuitive.

Affected versions of this package are vulnerable to Arbitrary Command Execution in the pandas.DataFrame.query() function, which is commonly exposed by applications to accept user input. Code can be injected into a Python expression, which will be executed with the privileges of the application.

How to fix Arbitrary Command Execution?

There is no fixed version for pandas.

[0,)

SQL Injection

pandas is a Python package providing data structures designed to make working with structured (tabular, multidimensional, potentially heterogeneous) and time series data both easy and intuitive.

Affected versions of this package are vulnerable to SQL Injection via sql.py, due to improper input sanitization.

How to fix SQL Injection?

Upgrade pandas to version 0.16.0 or higher.

[,0.16.0)

Go back to all versions of this package