Safety vulnerability ID: 65694
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library before version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling the execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue. See CVE-2024-23346.
Latest version: 2024.5.1
Python Materials Genomics is a robust materials analysis code that defines core object representations for structures and molecules with support for many electronic structure codes. It is currently the core analysis code powering the Materials Project (https://materialsproject.org).
MISC: https://github.com/materialsproject/pymatgen/blob/master/pymatgen/symmetry/settings.py#L97C1-L111C108
MISC: https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a
MISC: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
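The advisory above describes `eval()` being applied to a transformation string. The following added example (not pymatgen's code and not the fix shipped in 2024.2.20) shows one way to parse such input with an AST whitelist instead. The `x,y,z;p,q,r` input format over the symbols `a`, `b`, `c`, the length cap, and all function names are assumptions made for illustration.

```python
import ast
import operator
from fractions import Fraction

# Whitelisted operators; any other AST node type is rejected.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200  # assumed cap; bounds parser work on hostile input

def safe_eval(expr, env):
    """Evaluate +, -, *, / over numeric literals and names in env, exactly."""
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return Fraction(node.value)
        if isinstance(node, ast.Name) and node.id in env:
            return env[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            return _BINOPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
            return _UNARYOPS[type(node.op)](walk(node.operand))
        # Calls, attribute access, subscripts, unknown names, etc. end up here.
        raise ValueError(f"disallowed syntax: {type(node).__name__}")
    if len(expr) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        return walk(ast.parse(expr.strip(), mode="eval"))
    except (SyntaxError, ZeroDivisionError, OverflowError) as exc:
        raise ValueError(f"invalid expression: {expr!r}") from exc

def parse_transformation(text):
    """Parse 'x,y,z;p,q,r' (assumed format) into coefficient rows and a shift."""
    basis_part, sep, shift_part = text.partition(";")
    basis, shift = basis_part.split(","), shift_part.split(",")
    if not sep or len(basis) != 3 or len(shift) != 3:
        raise ValueError("expected three basis expressions and three shifts")
    # Assumes each basis expression is linear in a, b, c: its coefficients are
    # then its values at the three unit vectors.
    units = [dict(zip("abc", (Fraction(int(i == j)) for j in range(3))))
             for i in range(3)]
    rows = [[safe_eval(e, env) for env in units] for e in basis]
    return rows, [safe_eval(v, {}) for v in shift]

def is_rejected(text):
    """True if the parser refuses the input instead of evaluating it."""
    try:
        parse_transformation(text)
    except ValueError:
        return True
    return False
```

Because nothing is ever handed to `eval()`, input containing a call or attribute access fails with `ValueError` before any of it is executed.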