CVE-2018-1000523
CVE-2018-1000523 is a vulnerability of currently unknown severity. topydo contains a CWE-20 (Improper Input Validation) vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py, line 292, as of commit d4f843dac71308b2f29a7c2cdc76f055c3841523, that can result in injection of arbitrary bytes to the terminal, including terminal escape code sequences. The attack appears to be exploitable via a todo.txt file: the victim must open a todo.txt with at least one specially crafted line. EPSS estimates a 1.16% chance of exploitation in the next 30 days.
Description
topydo contains a CWE-20 (Improper Input Validation) vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py, line 292, as of commit d4f843dac71308b2f29a7c2cdc76f055c3841523, that can result in injection of arbitrary bytes to the terminal, including terminal escape code sequences. The attack appears to be exploitable via a todo.txt file: the victim must open a todo.txt with at least one specially crafted line.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Topydo | Topydo | All versions |
References
- https://github.com/bram85/topydo/blob/master/topydo/lib/ListFormat.py#L292 (Third Party Advisory)
- https://github.com/bram85/topydo/issues/240 (Third Party Advisory)
Source: NVD / NIST
