FKIE_CVE-2023-41334

Vulnerability from fkie_nvd - Published: 2024-03-18 19:15 - Updated: 2025-12-05 16:44
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.
References
security-advisories@github.comhttps://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539Product
security-advisories@github.comhttps://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5Patch
security-advisories@github.comhttps://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hfExploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539Product
af854a3a-2127-422b-91ae-364da2661108https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hfExploit, Vendor Advisory
Impacted products
Vendor Product Version
astropy astropy 5.3.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:astropy:astropy:5.3.2:*:*:*:*:python:*:*",
              "matchCriteriaId": "0EF11CE8-F548-4B46-BE82-A139D1B9A1D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`.  Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue."
    },
    {
      "lang": "es",
      "value": "Astropy es un proyecto de astronom\u00eda en Python que fomenta la interoperabilidad entre paquetes de astronom\u00eda de Python. La versi\u00f3n 5.3.2 del paquete principal de Astropy es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo debido a una validaci\u00f3n de entrada incorrecta en la funci\u00f3n `TranformGraph().to_dot_graph`. Un usuario malintencionado puede proporcionar un comando o un archivo de script como valor para el argumento `savelayout`, que se colocar\u00e1 como el primer valor en una lista de argumentos pasados a `subprocess.Popen`. Aunque se generar\u00e1 un error, el comando o script se ejecutar\u00e1 correctamente. La versi\u00f3n 5.3.3 soluciona este problema."
    }
  ],
  "id": "CVE-2023-41334",
  "lastModified": "2025-12-05T16:44:33.033",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-18T19:15:05.897",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.