PyPi: Pymatgen

CVE-2024-23346

Safety vulnerability ID: 65694

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created: Feb 21, 2024. Updated: Nov 29, 2024.

Advisory

Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library before version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling the execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue. See CVE-2024-23346.
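The defensive alternative to `eval()` on a transformation string is a parser that accepts only the expected grammar and refuses everything else. The following is an added example, not pymatgen's code and not the project's actual fix; the string format it parses is assumed from standard Jones-faithful notation, which the advisory itself does not spell out.

```python
# Added example, not pymatgen's code: parse a Jones-faithful transformation
# string with a fixed grammar instead of eval().  Assumed format (standard
# crystallographic notation, not spelled out in the advisory):
#   "<expr>,<expr>,<expr>;<frac>,<frac>,<frac>"   e.g. "-a+b,a+b,c;1/2,0,0"
# <expr>: signed sum of terms like "a", "-b", "2c", "1/2a"; <frac>: "0", "1/2".
from __future__ import annotations

import re
from fractions import Fraction

_TERM = re.compile(r"([+-]?)(\d+(?:/\d+)?)?([abc])")
_FRAC = re.compile(r"^[+-]?\d+(?:/\d+)?$")


def _parse_expr(expr: str) -> list[Fraction]:
    """Return the (a, b, c) coefficients of one basis-vector expression."""
    expr = expr.replace(" ", "")
    coeffs = [Fraction(0)] * 3
    pos = 0
    for m in _TERM.finditer(expr):
        sign, coef, axis = m.groups()
        # Every character must belong to a term, and each term after the
        # first needs an explicit sign; anything else is rejected, never run.
        if m.start() != pos or (pos and not sign):
            raise ValueError(f"malformed term in {expr!r}")
        value = Fraction(coef) if coef else Fraction(1)
        coeffs["abc".index(axis)] += -value if sign == "-" else value
        pos = m.end()
    if pos == 0 or pos != len(expr):
        raise ValueError(f"unparsed text in {expr!r}")
    return coeffs


def parse_transformation(s: str) -> tuple[list[list[Fraction]], list[Fraction]]:
    """Parse "P;p" into a 3x3 matrix P and origin shift p without eval()."""
    matrix_part, _, origin_part = s.partition(";")
    rows = matrix_part.split(",")
    shifts = [t.strip() for t in origin_part.split(",")]
    if len(rows) != 3 or len(shifts) != 3:
        raise ValueError("expected three basis vectors and three origin shifts")
    if not all(_FRAC.match(t) for t in shifts):
        raise ValueError(f"origin shifts must be integers or fractions: {shifts!r}")
    return [_parse_expr(r) for r in rows], [Fraction(t) for t in shifts]


def is_valid_transformation(s: str) -> bool:
    """Input gate: True only if s conforms to the grammar above."""
    try:
        parse_transformation(s)
        return True
    except (ValueError, ZeroDivisionError):
        return False
```

A string containing anything outside the grammar, such as a function call in place of an origin shift, is rejected with `ValueError` before any interpretation takes place.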

Affected package

pymatgen

Latest version: 2024.11.13

Python Materials Genomics is a robust materials analysis code that defines core object representations for structures

Affected versions

Fixed versions

Vulnerability changelog



References:
https://github.com/materialsproject/pymatgen/blob/master/pymatgen/symmetry/settings.py#L97C1-L111C108
https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a
https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
