Monday, October 11, 2021

Command Injection - hkjournalist [,0.0.8)

Overview

hkjournalist is a custom automatic report generator for Python programs.

Affected versions of this package are vulnerable to Command Injection due to an unsafe call to subprocess with shell=True in hkjournalist/journalist.py, which is reachable when the package is given untrusted input.
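The class of bug described above, shown beside its hardened forms. This is an added example, not code from hkjournalist: the function names and the constructed file name are assumptions, and `echo` stands in for whatever external program a report generator would invoke (POSIX shell assumed).

```python
import shlex
import subprocess

# Constructed input: a file name that contains a shell command separator.
UNTRUSTED_NAME = "report.md; echo INJECTED"


def run_with_shell(name):
    """Vulnerable pattern: untrusted text interpolated into a shell=True string."""
    # The shell parses the whole string, so ';' terminates the intended
    # command and whatever follows runs as a second command.
    proc = subprocess.run(
        f"echo converting {name}",
        shell=True, capture_output=True, text=True, check=True,
    )
    return proc.stdout.splitlines()


def run_with_argv(name):
    """Hardened form: argument list and no shell, so name is a single argv entry."""
    proc = subprocess.run(
        ["echo", "converting", name],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.splitlines()


def run_with_quoting(name):
    """Fallback when a shell is unavoidable: quote every untrusted piece."""
    proc = subprocess.run(
        f"echo converting {shlex.quote(name)}",
        shell=True, capture_output=True, text=True, check=True,
    )
    return proc.stdout.splitlines()


if __name__ == "__main__":
    print("shell=True :", run_with_shell(UNTRUSTED_NAME))
    print("argv list  :", run_with_argv(UNTRUSTED_NAME))
    print("shlex.quote:", run_with_quoting(UNTRUSTED_NAME))
```

The argument-list form is the preferred fix because nothing is ever parsed by a shell; `shlex.quote` only covers POSIX shells and is easy to forget on one call site.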

Remediation

Upgrade hkjournalist to version 0.0.8 or higher.

