CVE-2024-23346 | materialsproject pymatgen prior 2024.2.20 from_transformation_str command injection

Posted by Angelo Barbosa | Feb 21, 2024 | CVE

A vulnerability was found in materialsproject pymatgen. It has been rated as critical. Affected by this issue is the function from_transformation_str. The manipulation leads to command injection.

This vulnerability is handled as CVE-2024-23346. The attack needs to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-23346 | materialsproject pymatgen prior 2024.2.20 from_transformation_str command injection

Related Posts

CVE-2023-40155 | Intel CST prior 2.1.10300 uncontrolled search path (intel-sa-01021)

CVE-2021-47006 | Linux Kernel up to 5.12.4 ARM overflow_handler Privilege Escalation

CVE-2024-4103 | ADFO Plugin up to 1.9.0 on WordPress Admin Dashboard Page cross-site request forgery

CVE-2024-39731 | IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9 risky encryption (XFDB-295970)