Vulnerability Description
This affects the package codecov before 2.0.16. The vulnerability occurs because gcov arguments are not sanitized before being provided to the popen method.
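The pattern the description names, shown beside a hardened form, as an added example that is not code from codecov-python or from this advisory. The function names, the option allowlist and the sample input are assumptions constructed for illustration.

```python
import re
import shlex
import subprocess

# Assumed allowlist: a gcov option is -x or --long-name, optionally =value.
_OPTION = re.compile(r"--?[A-Za-z][A-Za-z-]*(=[\w./-]+)?")


def unsafe_gcov_command(gcov_exec, gcov_args, path):
    """'Before' pattern: one string that a shell will parse (popen, shell=True)."""
    return "%s %s %s" % (gcov_exec, gcov_args, path)


def safe_gcov_argv(gcov_exec, gcov_args, path):
    """Hardened pattern: validated argument vector that never reaches a shell."""
    options = shlex.split(gcov_args)
    for opt in options:
        if not _OPTION.fullmatch(opt):
            raise ValueError("rejected gcov argument: %r" % opt)
    if path.startswith("-"):
        raise ValueError("rejected path that would parse as an option: %r" % path)
    return [gcov_exec] + options + [path]


def run_gcov(gcov_exec, gcov_args, path):
    """Run gcov with an argv list; shell=False means no metacharacter parsing."""
    argv = safe_gcov_argv(gcov_exec, gcov_args, path)
    return subprocess.run(argv, shell=False, capture_output=True, check=False)


if __name__ == "__main__":
    constructed = "-b; echo INJECTED"  # constructed sample, not from the advisory
    print(unsafe_gcov_command("gcov", constructed, "src/a.gcda"))
    try:
        safe_gcov_argv("gcov", constructed, "src/a.gcda")
    except ValueError as exc:
        print(exc)
    print(safe_gcov_argv("gcov", "-b -c", "src/a.gcda"))
```

In the unsafe form the `;` survives into a string that a shell interprets; in the hardened form the same input is rejected before any process is started.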
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codecov | Codecov-Python | < 2.0.16 |
Related Weaknesses (CWE)
References
- https://github.com/codecov/codecov-python/commit/2a80aa434f74feb31242b6f213b75ce (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-PYTHON-CODECOV-552149 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-10800?
CVE-2019-10800 is a vulnerability with a CVSS score of 6.5 (MEDIUM). This affects the package codecov before 2.0.16. The vulnerability occurs because gcov arguments are not sanitized before being provided to the popen method.
How severe is CVE-2019-10800?
CVE-2019-10800 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10800?
Check the references section above for vendor advisories and patch information. Affected products include: Codecov Codecov-Python.