The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2022-06-03T20:00:14.617802Z
Updated: 2024-09-17T00:46:55.130Z
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-24065
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-08T08:15:07.237
Modified: 2023-11-07T03:44:22.860
Link: CVE-2022-24065
Redhat
No data.