{"id":"PYSEC-2018-8","details":"io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.","aliases":["CVE-2018-8097","GHSA-8jxq-75rw-fhj9"],"modified":"2023-11-08T04:00:25.713396Z","published":"2018-03-14T12:29:00Z","references":[{"type":"REPORT","url":"https://github.com/pyeve/eve/issues/1101"},{"type":"FIX","url":"https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-8jxq-75rw-fhj9"}],"affected":[{"package":{"name":"eve","ecosystem":"PyPI","purl":"pkg:pypi/eve"},"ranges":[{"type":"GIT","repo":"https://github.com/pyeve/eve","events":[{"introduced":"0"},{"fixed":"f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.5"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9","0.1","0.1.1","0.2","0.3","0.4","0.5","0.5.1","0.5.2","0.5.3","0.6","0.6.1","0.6.2","0.6.3","0.6.4","0.7","0.7.1","0.7.2","0.7.3","0.7.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/eve/PYSEC-2018-8.yaml"}}],"schema_version":"1.7.3"}