platformio@1.4.0 vulnerabilities

Your Gateway to Embedded Software Development Excellence. Unlock the true potential of embedded software development with PlatformIO's collaborative ecosystem, embracing declarative principles, test-driven methodologies, and modern toolchains for unrivaled success.

Direct Vulnerabilities

Known vulnerabilities in the platformio package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Command Injection (severity: C)

platformio is a new generation ecosystem for embedded development. Cross-platform IDE and Unified Debugger. Static Code Analyzer and Remote Unit Testing. Multi-platform and Multi-architecture Build System. Firmware File Explorer and Memory Inspection. Arduino, ARM mbed, Espressif (ESP8266/ESP32), STM32, PIC32, nRF51/nRF52, RISC-V, FPGA, CMSIS, SPL, AVR, Samsung ARTIK, libOpenCM3.

Affected versions of this package are vulnerable to Command Injection via the pioino.py component when converting INO files to CPP.

How to fix Command Injection?

Upgrade platformio to version 6.1.7 or higher.

Vulnerable versions: [,6.1.7)
  • Arbitrary File Write via Archive Extraction (Zip Slip) (severity: H)

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). Files can be overwritten when FileUnpacker is used to extract items from a TAR archive.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade platformio to version 4.1.0 or higher.

Vulnerable versions: [,4.1.0)
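
The class of check that prevents Zip Slip when unpacking a TAR archive, as an added example: this is not platformio's FileUnpacker code or its fix. The names unsafe_members, safe_extract and build_sample are hypothetical, and the archive is constructed in memory.

```python
import io
import os
import tarfile


def unsafe_members(tar, dest_dir):
    """Return names of members that would land outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(root, m.name))
        escapes = os.path.commonpath([root, target]) != root
        if m.issym() or m.islnk():
            # Hard-link targets are relative to the archive root,
            # symlink targets to the directory holding the link.
            base = root if m.islnk() else os.path.dirname(target)
            link = os.path.realpath(os.path.join(base, m.linkname))
            escapes = escapes or os.path.commonpath([root, link]) != root
        if escapes:
            bad.append(m.name)
    return bad


def safe_extract(fileobj, dest_dir):
    """Extract all members, or none if any would escape dest_dir."""
    with tarfile.open(fileobj=fileobj) as tar:
        bad = unsafe_members(tar, dest_dir)
        if bad:
            raise ValueError("members escape target dir: %r" % bad)
        if hasattr(tarfile, "data_filter"):
            # Newer Pythons: also apply the stdlib's own extraction filter.
            tar.extractall(dest_dir, filter="data")
        else:
            tar.extractall(dest_dir)


def build_sample(names):
    """Constructed in-memory TAR used only to exercise the check."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

The check runs over every member before anything is written, so an archive with one escaping entry is rejected whole rather than partially unpacked.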