CVE-2024-23346

CVSS 3.1 Score 9.3 of 10 (high)

Details

Published Feb 21, 2024

Updated: Feb 22, 2024

CWE ID 77

Summary

CVE-2024-23346 is a critical security vulnerability affecting the Pymatgen (Python Materials Genomics) library before version 2024.2.20. The issue resides in the `JonesFaithfulTransformation.from_transformation_str()` method, which unsafely employs `eval()` for processing unverified user input. This misuse of `eval()` allows the execution of arbitrary code, exposing systems to potential attacks. Version 2024.2.20 rectifies the vulnerability by implementing more secure parsing techniques.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uJ409T
https://www.cve.org/CVERecord?id=CVE-2024-23346
https://nvd.nist.gov/vuln/detail/CVE-2024-23346

Back to Vulnerability Database

CVE-2024-23346

CVSS 3.1 Score 9.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations