[Bug 1195000] New: VUL-0: CVE-2022-0329: python-loguru: insecure deserialization in loguru
http://bugzilla.opensuse.org/show_bug.cgi?id=1195000 Bug ID: 1195000 Summary: VUL-0: CVE-2022-0329: python-loguru: insecure deserialization in loguru Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/321379/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: jayvdb@gmail.com Reporter: thomas.leroy@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2022-0329 Code Injection in Conda loguru prior to master. Upstream fix commit: https://github.com/delgan/loguru/commit/4b0070a4f30cbf6d5e12e6274b242b62ea11... References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0329 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0329 https://github.com/delgan/loguru/commit/4b0070a4f30cbf6d5e12e6274b242b62ea11... https://huntr.dev/bounties/1-pypi-loguru -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1195000 http://bugzilla.opensuse.org/show_bug.cgi?id=1195000#c1 --- Comment #1 from Thomas Leroy <thomas.leroy@suse.com> --- No version has been bumped for the moment. openSUSE:Backports:SLE-15-SP4 and openSUSE:Factory are affected. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com