Saturday, October 9, 2021

Command Injection - python-openzwave [,0.4.19)

Overview

python-openzwave is a python_openzwave is a python wrapper for the openzwave c++ library.

Affected versions of this package are vulnerable to Command Injection due to unsafe use of the os.system() in update_ozw_config.

Remediation

Upgrade python-openzwave to version 0.4.19 or higher.

References

 

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore