CVE-2019-17526
N/A
N/A
Summary
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an import('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retained
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/sagemath/sagecell/commits/master
- https://sethsec.blogspot.com/2016/11/exploiting-python-code-injection-in-web.html
- https://gist.github.com/barrett092/0380a1c34c014e29b827d1f408381525
References
- https://github.com/sagemath/sagecell/commits/master
- https://sethsec.blogspot.com/2016/11/exploiting-python-code-injection-in-web.html
- https://gist.github.com/barrett092/0380a1c34c014e29b827d1f408381525
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.