VDB

GCVE-VVD-MAGEIA-2024-313

GCVE-VVD-MAGEIA-2024-313
Advisory Published
Vulnetix · Advisory published September 25, 2024
Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. (CVE-2023-41334)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiapython-astropy0 (affected), 5.1.1-1.1.mga9 (unaffected)

Aliases

CVE-2023-41334

Transitive aliases

EUVD-2024-0929VVD-CISA-2023-41334GHSA-h2x6-5jx5-46hf

References

Updated python-astropy packages fix security vulnerability
advisory
Updated python-astropy packages fix security vulnerability
issue
Updated python-astropy packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›