Commit 40a7c85

pySCG: adding prominent CVE for CWE-78 to main readme (#692)
* pySCG: adding prominent CVE for CWE-78 to main readme

  Signed-off-by: Helge Wehder <[email protected]>

* fixed copy and paste mistakes for code examples in readme

  Signed-off-by: Helge Wehder <[email protected]>

---------

Signed-off-by: Helge Wehder <[email protected]>
1 parent a7f2313 commit 40a7c85

2 files changed

+1
-4
lines changed

docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md

Lines changed: 0 additions & 3 deletions
@@ -40,7 +40,6 @@ This scenario demonstrates a potential remote command execution. The `FileOperat
4040
*[noncompliant01.py](noncompliant01.py):*
4141

4242
```python
43-
""" Non-compliant Code Example """
4443
# SPDX-FileCopyrightText: OpenSSF project contributors
4544
# SPDX-License-Identifier: MIT
4645
""" Non-compliant Code Example """
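Review bot: The fence under `*[noncompliant01.py](noncompliant01.py):*` is a pasted copy of the linked file, which is how the duplicated docstring at old line 43 crept in. Consider a CI check that compares each README code fence with the file it links to, so the snippet readers study for CWE-78 cannot drift from the code that is actually shipped and tested.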
@@ -135,8 +134,6 @@ The `compliant01.py` code using the cross-platform compatible pathlib module and
135134
*[compliant01.py](compliant01.py):*
136135

137136
```python
138-
""" Compliant Code Example """
139-
140137
# SPDX-FileCopyrightText: OpenSSF project contributors
141138
# SPDX-License-Identifier: MIT
142139
""" Compliant Code Example """
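Review bot: The docstring and blank-line removal at old lines 138-139 is unrelated to the subject line, which only mentions adding a CVE to the main readme. Splitting the README snippet cleanup into its own commit, or naming it in the subject, would make this fix findable from the history of `CWE-78/README.md`.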

docs/Secure-Coding-Guide-for-Python/readme.md

Lines changed: 1 addition & 1 deletion
@@ -87,7 +87,7 @@ It is **not production code** and requires code-style or python best practices t
8787

8888
|[CWE-707: Improper Neutralization](https://cwe.mitre.org/data/definitions/707.html)|Prominent CVE|
8989
|:----------------------------------------------------------------|:----|
90-
|[CWE-78: Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")](CWE-707/CWE-78/README.md)||
90+
|[CWE-78: Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")](CWE-707/CWE-78/README.md)|[CVE-2024-43804](https://www.cvedetails.com/cve/CVE-2024-43804/),<br/>CVSSv3.1: **8.8**,<br/>EPSS: **00.06** (08.11.2024)|
9191
|[CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')](CWE-707/CWE-89/.)|[CVE-2019-8600](https://www.cvedetails.com/cve/CVE-2019-8600/),<br/>CVSSv3.1: **9.8**,<br/>EPSS: **01.43** (18.02.2024)|
9292
|[CWE-117: Improper Output Neutralization for Logs](CWE-707/CWE-117/.)||
9393
|[CWE-175: Improper Handling of Mixed Encoding](CWE-707/CWE-175/README.md)||
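Review bot: In the added CWE-78 row, `EPSS: **00.06** (08.11.2024)` is ambiguous on two counts: the zero-padded score does not say whether it is a percentage or a 0-1 probability, and the date can be read as 8 November or 11 August. The CWE-89 row uses the same style (its `18.02.2024` implies DD.MM.YYYY), so a one-line legend for the table stating the EPSS unit and the date convention, or a switch to ISO 8601 dates, would settle both rows at once.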
