platformio@2.3.5 vulnerabilities

Your Gateway to Embedded Software Development Excellence. Unlock the true potential of embedded software development with PlatformIO's collaborative ecosystem, embracing declarative principles, test-driven methodologies, and modern toolchains for unrivaled success.

  • latest version

    6.1.16

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the platformio package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Command Injection

    platformio is a new generation ecosystem for embedded development. Cross-platform IDE and Unified Debugger. Static Code Analyzer and Remote Unit Testing. Multi-platform and Multi-architecture Build System. Firmware File Explorer and Memory Inspection. Arduino, ARM mbed, Espressif (ESP8266/ESP32), STM32, PIC32, nRF51/nRF52, RISC-V, FPGA, CMSIS, SPL, AVR, Samsung ARTIK, libOpenCM3.

    Affected versions of this package are vulnerable to Command Injection via the pioino.py component when converting INO files to CPP.

    How to fix Command Injection?

    Upgrade platformio to version 6.1.7 or higher.

    [,6.1.7)
    • H
    Arbitrary File Write via Archive Extraction (Zip Slip)

    platformio is a new generation ecosystem for embedded development. Cross-platform IDE and Unified Debugger. Static Code Analyzer and Remote Unit Testing. Multi-platform and Multi-architecture Build System. Firmware File Explorer and Memory Inspection. Arduino, ARM mbed, Espressif (ESP8266/ESP32), STM32, PIC32, nRF51/nRF52, RISC-V, FPGA, CMSIS, SPL, AVR, Samsung ARTIK, libOpenCM3.

    Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). It is possible to overwrite files when using FileUnpacker to extract items from TAR archive.

    How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

    Upgrade platformio to version 4.1.0 or higher.

    [,4.1.0)