rxiv-maker 1.4.18 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the rxiv-maker package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Command Injection rxiv-maker is a Write scientific preprints in Markdown. Generate publication-ready PDFs efficiently. Affected versions of this package are vulnerable to Command Injection due to improper handling of shell commands. The `upgrade` command uses `shell=True`, which allows shell injection. How to fix Command Injection? Upgrade `rxiv-maker` to version 1.8.9 or higher.	[,1.8.9)
H Directory Traversal rxiv-maker is a Write scientific preprints in Markdown. Generate publication-ready PDFs efficiently. Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of GitHub name input. The GitHub name validation logic fails to strip path separators, special characters, and null bytes, allowing crafted names containing traversal sequences or null-byte injections to be incorporated into filesystem paths. An attacker can exploit this by supplying malicious GitHub names that cause file operations to resolve outside the intended directory, enabling unauthorized access to or modification of arbitrary files on the server. How to fix Directory Traversal? Upgrade `rxiv-maker` to version 1.9.0 or higher.	[,1.9.0)

Vulnerability

Vulnerable Version

Command Injection

rxiv-maker is a Write scientific preprints in Markdown. Generate publication-ready PDFs efficiently.

Affected versions of this package are vulnerable to Command Injection due to improper handling of shell commands. The upgrade command uses shell=True, which allows shell injection.

How to fix Command Injection?

Upgrade rxiv-maker to version 1.8.9 or higher.

[,1.8.9)

Directory Traversal

rxiv-maker is a Write scientific preprints in Markdown. Generate publication-ready PDFs efficiently.

Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of GitHub name input. The GitHub name validation logic fails to strip path separators, special characters, and null bytes, allowing crafted names containing traversal sequences or null-byte injections to be incorporated into filesystem paths. An attacker can exploit this by supplying malicious GitHub names that cause file operations to resolve outside the intended directory, enabling unauthorized access to or modification of arbitrary files on the server.

How to fix Directory Traversal?

Upgrade rxiv-maker to version 1.9.0 or higher.

[,1.9.0)

rxiv-maker@1.4.18 vulnerabilities

Write scientific preprints in Markdown. Generate publication-ready PDFs efficiently.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically