CVE-2022-24065
Published
CVSS v3: 8.1 HIGH
CVSS v2: 7.5 HIGH
Affected: 1 project
Description
Versions of the package cookiecutter before 2.1.1 are vulnerable to command injection via hg argument injection. When the cookiecutter function is called from Python code with the checkout parameter, the value is passed to the hg checkout command in a way that allows additional flags to be set. These additional flags can be used to perform a command injection.
A cross-platform command-line utility that creates projects from cookiecutters (project templates), e.g. Python package projects, C projects.
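The argument-injection pattern described above, next to a hardened form, as an added example that is not cookiecutter's own code: the function names, the getopt-style parsing model and the sample refs are assumptions made for illustration. The hardened builder rejects option-shaped values and places the end-of-options marker `--`, which Mercurial's option parser honours, before the ref.

```python
# Hypothetical helpers for illustration; none of these names are cookiecutter's API.

def weak_argv(checkout):
    """Pattern the advisory describes: the caller's value directly follows the subcommand."""
    return ["hg", "checkout", checkout]

def hardened_argv(checkout):
    """Reject option-shaped refs, then end option parsing with '--' before the ref."""
    if not isinstance(checkout, str) or not checkout:
        raise ValueError("checkout must be a non-empty string")
    if checkout.startswith("-"):
        raise ValueError("checkout must not start with '-'")
    if any(ch in checkout for ch in "\x00\r\n"):
        raise ValueError("checkout contains control characters")
    return ["hg", "checkout", "--", checkout]

def split_options(argv):
    """Simplified model of getopt-style parsing of everything after the subcommand.

    Returns (options, positionals); after a literal '--' every argument is positional.
    """
    options, positionals, options_ended = [], [], False
    for arg in argv[2:]:
        if options_ended:
            positionals.append(arg)
        elif arg == "--":
            options_ended = True
        elif arg.startswith("-") and arg != "-":
            options.append(arg)
        else:
            positionals.append(arg)
    return options, positionals

def audit(refs):
    """Report, per ref, how the weak argv is parsed and whether the hardened builder accepts it."""
    report = {}
    for ref in refs:
        as_option = bool(split_options(weak_argv(ref))[0])
        try:
            hardened_argv(ref)
            accepted = True
        except ValueError:
            accepted = False
        report[ref] = {"weak_parses_as_option": as_option, "hardened_accepts": accepted}
    return report

# Constructed sample values; the flag-shaped one is a harmless placeholder.
SAMPLE_REFS = ["main", "v2.1.1", "--constructed-flag=value"]

if __name__ == "__main__":
    for ref, result in audit(SAMPLE_REFS).items():
        print(f"{ref!r}: {result}")
```

Pass the resulting list to `subprocess` without `shell=True`, so each element stays a single argument.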