Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-26145

Summary
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At-28 Sep, 2023 | 05:00
Updated At-23 Sep, 2024 | 19:02
Rejected At-
Credits

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method) The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:snyk
Assigner Org ID:bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At:28 Sep, 2023 | 05:00
Updated At:23 Sep, 2024 | 19:02
Rejected At:
▼CVE Numbering Authority (CNA)

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method) The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function.

Affected Products
Vendor
n/a
Product
pydash
Versions
Affected
  • From 0 before 6.0.0 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACommand Injection
Type: N/A
CWE ID: N/A
Description: Command Injection
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Calum Hutton
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518
N/A
https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca
N/A
https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021
N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518
Resource: N/A
Hyperlink: https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca
Resource: N/A
Hyperlink: https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518
x_transferred
https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca
x_transferred
https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518
Resource:
x_transferred
Hyperlink: https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca
Resource:
x_transferred
Hyperlink: https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:report@snyk.io
Published At:28 Sep, 2023 | 05:15
Updated At:07 Nov, 2023 | 04:09

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method) The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
derrickgilland
derrickgilland
>>pydash>>Versions before 6.0.0(exclusive)
cpe:2.3:a:derrickgilland:pydash:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE-94Primarynvd@nist.gov
CWE-78Secondaryreport@snyk.io
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: report@snyk.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfcareport@snyk.io
Exploit
Third Party Advisory
https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021report@snyk.io
Patch
https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518report@snyk.io
Third Party Advisory
Hyperlink: https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca
Source: report@snyk.io
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021
Source: report@snyk.io
Resource:
Patch
Hyperlink: https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518
Source: report@snyk.io
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found