CVE-2024-23346

Published: 21/02/2024 Updated: 22/02/2024

Vulnerability Summary

Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method of the `pymatgen` library prior to version 2024.2.20. The method passes its input to `eval()`, so parsing an untrusted transformation string can execute arbitrary code in the calling process. Version 2024.2.20 fixes this issue.
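As an added illustration of the fix class (this is example code written for this page, not pymatgen's own implementation): a restricted parser for the Jones-faithful transformation string format (`"a,b,c;0,0,0"`) that matches every character against a fixed grammar of rational coefficients and the axis symbols a, b, c, so anything else is rejected with `ValueError` instead of being handed to `eval()`. The row-per-new-vector orientation of the returned matrix is this example's choice; the page does not state pymatgen's convention.

```python
"""Restricted parser for Jones-faithful transformation strings such as "2a-b,b,c;0,1/2,0".
Illustrative code for this page, not pymatgen's own; no input ever reaches eval()."""
import re
from fractions import Fraction

_AXES = {"a": 0, "b": 1, "c": 2}
_TERM = r"(?:\d+(?:/\d+)?[abc]?|[abc])"  # integer/fraction with optional axis, or bare axis
_EXPR = re.compile(rf"[+-]?{_TERM}(?:[+-]{_TERM})*")
_TOKEN = re.compile(r"([+-]?)(\d+(?:/\d+)?)?([abc])?")


def parse_linear_expr(expr: str) -> list:
    """Return [coef_a, coef_b, coef_c, constant] as Fractions for e.g. '2a-b+1/2'."""
    expr = expr.replace(" ", "")
    if not _EXPR.fullmatch(expr):
        raise ValueError(f"not a linear expression in a, b, c: {expr!r}")
    out = [Fraction(0)] * 4
    for sign, num, axis in _TOKEN.findall(expr):
        if not num and not axis:
            continue  # zero-length match at end of string
        try:
            coef = Fraction(num) if num else Fraction(1)
        except ZeroDivisionError:
            raise ValueError(f"zero denominator in {expr!r}") from None
        out[_AXES[axis] if axis else 3] += -coef if sign == "-" else coef
    return out


def parse_transformation_str(s: str):
    """Split 'P;p' into a 3x3 rational matrix (one row per new lattice vector)
    and a 3-component origin shift; any other shape raises ValueError."""
    parts = s.split(";")
    if len(parts) != 2:
        raise ValueError("expected exactly one ';' between matrix and origin shift")
    vec_exprs, shift_exprs = parts[0].split(","), parts[1].split(",")
    if len(vec_exprs) != 3 or len(shift_exprs) != 3:
        raise ValueError("expected three lattice vectors and three origin components")
    matrix = [parse_linear_expr(e) for e in vec_exprs]
    shift = [parse_linear_expr(e) for e in shift_exprs]
    if any(row[3] != 0 for row in matrix) or any(any(v[:3]) for v in shift):
        raise ValueError("lattice vectors take no constant; origin shift takes no axis")
    return [row[:3] for row in matrix], [v[3] for v in shift]


def is_valid_transformation_str(s: str) -> bool:
    """Boundary check for untrusted input: True only if the string fits the grammar."""
    try:
        parse_transformation_str(s)
        return True
    except ValueError:
        return False
```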

Vendor Advisories

Debian Bug report logs - #1064514 pymatgen: CVE-2024-23346
Package: src:pymatgen; Maintainer for src:pymatgen is Debichem Team <debichem-devel@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 23 Feb 2024 15:30:02 UTC
Severity: grave
Tags: security, upstream
Found in version pymat ...