Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-PYTHON-BIKESHED-1537646
- published 15 Aug 2021
- disclosed 15 Aug 2021
- credit apple502j
How to fix?
bikeshed to version 3.0.0 or higher.
bikeshed is a pre-processor for spec documents.
Affected versions of this package are vulnerable to Arbitrary Code Injection. This can occur when an untrusted source file containing
Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.