Insecure Defaults in khoros

Do your applications use this vulnerable package? Test your applications

Overview

khoros is an Useful tools and utilities to assist in managing a Khoros Community (formerly Lithium) environment.

Affected versions of this package are vulnerable to Insecure Defaults. An issue exists where the default value for the shell parameter to be False within py:func:khoros.utils.core_utils.run_cmd function. This is considered dangerous if user input flows into the run_cmd function.

Remediation

Upgrade khoros to version 3.5.0 or higher.

References

GitHub Commit

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

Low
Availability

None

Credit: Unknown
CWE: CWE-453
Snyk ID: SNYK-PYTHON-KHOROS-1090199
Disclosed: 01 Apr, 2021
Published: 01 Apr, 2021

Insecure Defaults
Affecting khoros package, versions [,3.5.0)

Overview

Remediation

References

CVSS Score

Insecure Defaults Affecting khoros package, versions [,3.5.0)

Overview

Remediation

References

Insecure Defaults
Affecting khoros package, versions [,3.5.0)