Directory Security Advisories

Security Advisories

CGA-7fcr-vcv9-6vxq

Published

Last updated

https://images.chainguard.dev/security/CGA-7fcr-vcv9-6vxq

Package

apache-beam-python-3.11-sdk

Latest Update

Fixed

Fixed Version

2.60.0-r0

Aliases

Severity

8.8

High

CVSS V3

Summary

js2py allows remote code execution

Description

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

© 2024 Chainguard. All Rights Reserved.

Product

Chainguard Images

Why Chainguard

Container Image Security Vulnerability Remediation Compliance and Risk Mitigation Software Supply Chain Security AI/ML Security

Customers

Customer Stories Chainguard Love

Company

About Us Pricing Open Source Careers Newsroom Legal

Resources

Unchained Blog Events Trust Center Documentation