CVE-2020-19001: Command Injection in Simiki

September 1, 2021 (updated October 22, 2024)

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component ‘simiki/blob/master/simiki/config.py’.

References

github.com/advisories/GHSA-w873-xcqq-x922
github.com/pypa/advisory-database/tree/main/vulns/simiki/PYSEC-2021-348.yaml
github.com/tankywoo/simiki
github.com/tankywoo/simiki/commit/45da0ab7c1e94b368cac22867e7ac9a42dbb9390
github.com/tankywoo/simiki/issues/123
nvd.nist.gov/vuln/detail/CVE-2020-19001

Code Behaviors & Features

Detect and mitigate CVE-2020-19001 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →