pyspector 0.1.5

Direct Vulnerabilities

Known vulnerabilities in the pyspector package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the HTML report generation. An attacker can execute arbitrary JavaScript code in the victim's browser by crafting a malicious Python file containing JavaScript payloads, which are then embedded unsanitized into the generated report. This can lead to arbitrary DOM manipulation, redirects to attacker-controlled pages, or theft of locally accessible data when the report is opened. How to fix Cross-site Scripting (XSS)? Upgrade `pyspector` to version 0.1.7 or higher.	[,0.1.7)
H Incomplete List of Disallowed Inputs pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the `validate_plugin_code` function. An attacker can execute arbitrary system commands by delivering a malicious plugin that uses indirect function calls, such as `getattr(os, 'system')`, to bypass static analysis checks. Note: This is only exploitable if a user explicitly installs and trusts a malicious plugin using the command-line interface with the `--trust` flag. How to fix Incomplete List of Disallowed Inputs? Upgrade `pyspector` to version 0.1.7 or higher.	[,0.1.7)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the HTML report generation. An attacker can execute arbitrary JavaScript code in the victim's browser by crafting a malicious Python file containing JavaScript payloads, which are then embedded unsanitized into the generated report. This can lead to arbitrary DOM manipulation, redirects to attacker-controlled pages, or theft of locally accessible data when the report is opened.

How to fix Cross-site Scripting (XSS)?

Upgrade pyspector to version 0.1.7 or higher.

[,0.1.7)

Incomplete List of Disallowed Inputs

pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust.

Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the validate_plugin_code function. An attacker can execute arbitrary system commands by delivering a malicious plugin that uses indirect function calls, such as getattr(os, 'system'), to bypass static analysis checks.

Note: This is only exploitable if a user explicitly installs and trusts a malicious plugin using the command-line interface with the --trust flag.

How to fix Incomplete List of Disallowed Inputs?

Upgrade pyspector to version 0.1.7 or higher.

[,0.1.7)

pyspector@0.1.5

A high-performance, security-focused static analysis tool for Python, powered by Rust.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically