Critical severityNVD Advisory· Published Jan 10, 2019· Updated Sep 16, 2024
CVE-2017-1002157
CVE-2017-1002157
Description
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
modulemdPyPI | < 1.3.2 | 1.3.2 |
Affected products
2- Fedora Modularity/modulemdv5Range: unspecified
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-jhjh-ghwx-6h7rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-1002157ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/modulemd/PYSEC-2019-153.yamlghsaWEB
- pagure.io/modulemd/issue/55ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.