Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
History
Wed, 05 Feb 2025 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Materialsvirtuallab, Materialsvirtuallab pymatgen | |
CPEs | cpe:2.3:a:materialsvirtuallab:pymatgen:*:*:*:*:*:*:*:* | |
Vendors & Products | Materialsvirtuallab, Materialsvirtuallab pymatgen | |
Mon, 19 Aug 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-19T07:47:59.282Z
Reserved: 2024-01-15T15:19:19.446Z
Link: CVE-2024-23346

Status : Analyzed
Published: 2024-02-21T17:15:09.377
Modified: 2025-02-05T22:10:07.683
Link: CVE-2024-23346
