CVE-2023-41334: RCE in TranformGraph().to_dot_graph function
RCE due to improper input validation in TranformGraph().to_dot_graph function
References
- github.com/advisories/GHSA-h2x6-5jx5-46hf
- github.com/astropy/astropy
- github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py
- github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5
- github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
- nvd.nist.gov/vuln/detail/CVE-2023-41334
Code Behaviors & Features
Detect and mitigate CVE-2023-41334 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →