NVD Vulnerability Details: CVE-2023-41334
Status: Analyzed
Source: security-advisories@github.com
Published At: 18 Mar, 2024 | 19:15
Updated At: 05 Dec, 2025 | 16:44

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TransformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

cpe:2.3:a:astropy:astropy:5.3.2:*:*:*:*:python:*:*
Weaknesses
CWE ID: CWE-77
Type: Secondary
Source: security-advisories@github.com
References
Hyperlink: https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539
Source: security-advisories@github.com
Resource: Product
Hyperlink: https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5
Source: security-advisories@github.com
Resource: Patch
Hyperlink: https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
Source: security-advisories@github.com
Resource: Exploit, Vendor Advisory
Hyperlink: https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Product
Hyperlink: https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Exploit, Vendor Advisory