CVE-2022-2054

Name: CVE-2022-2054
Description: Command Injection in GitHub repository nuitka/nuitka prior to 0.9.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 1012762

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| nuitka (PTS) | buster | 0.6.1.1+ds-1 | vulnerable |
| nuitka | bullseye | 0.6.11.3+ds-1.2 | vulnerable |
| nuitka | sid | 0.9+ds-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| nuitka | source | (unstable) | 0.9+ds-1 | | | 1012762 |

Notes

[bullseye] - nuitka <no-dsa> (Minor issue)
[buster] - nuitka <no-dsa> (Minor issue)
[stretch] - nuitka <no-dsa> (Minor issue)
https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7/
https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad
