Arbitrary Byte Injection Affecting topydo package, versions [0,]


Severity

0.0
high
0
10

    Threat Intelligence

    EPSS
    0.11% (44th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-TOPYDO-42160
  • published 28 Jun 2018
  • disclosed 26 Jun 2018
  • credit Unknown

How to fix?

There is no fix version for topydo.

Overview

topydo is a powerful and customizable todo.txt application for the console, inspired by the todo.txt CLI by Gina Trapani.

Affected versions of this package are vulnerable to Arbitrary Byte Injection to the terminal, including terminal escape code sequences.

References

CVSS Scores

version 3.1
Expand this section

Snyk

8.1 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    High
  • Availability (A)
    High
Expand this section

NVD

8.1 high