Home > Vulnerability Database > CVE-2023-35932

Mend.io Vulnerability Database

CVE-2023-35932

Good to know:

Date: June 23, 2023

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.

Language: Python

Severity Score

8.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-35932

Url: https://github.com/tanghaibao/jcvi/security/advisories/GHSA-x49m-3cw7-gq5q

Url: https://github.com/tanghaibao/jcvi/blob/cede6c65c8e7603cb266bc3395ac8f915ea9eac7/jcvi/apps/base.py#LL2227C1-L2228C41

Url: https://www.mend.io/vulnerability-database/CVE-2023-35932

Severity Score

8.8

Weakness Type (CWE)

Command Injection

CWE-77

Improper Validation of Specified Quantity in Input

CWE-1284

Top Fix

Upgrade Version

Upgrade to version jcvi - 1.3.6

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-35932

Good to know:

Date: June 23, 2023

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?