CVE-2024-23346
21.02.2024, 17:15
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
| Vendor | Product | Version |
|---|---|---|
| materialsvirtuallab | pymatgen | 𝑥 < 2024.2.20 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References