Arbitrary Code Execution Affecting pytest-qt-app package, versions [,1.1.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PYTESTQTAPP-42017
- published 30 Oct 2017
- disclosed 16 Feb 2016
- credit Unknown
Overview
pytest-qt-app
is session-scoped by default and run in a subprocess and temp dir to cleanup when it's done.
Affected versions of this package are vulnerable to Arbitrary Code Execution attacks. It would run subprocess with shell=True, allowing an attacker to insert shell commands in the function.
References
CVSS Scores
version 3.1