Vulnerability Details CVE-2020-15271
In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users who use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.
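The following is an added example, not code from the advisory or the lookatme project: a small check that tells whether an installed lookatme is exposed to CVE-2020-15271, based only on the facts above (fixed in 2.3.0; workaround is deleting the two contrib files). The version string and the `contrib` directory path are inputs you supply; the sample install layout is constructed in a temporary directory.

```python
"""Added example: assess exposure to CVE-2020-15271 in an installed lookatme."""
import tempfile
from pathlib import Path

FIXED_VERSION = (2, 3, 0)  # first release that no longer auto-loads the extensions
# Extension files the advisory names; deleting them is the stated workaround.
RISKY_EXTENSIONS = ("terminal.py", "file_loader.py")


def parse_version(version: str) -> tuple:
    """Turn '2.2.0' or '1.3' into a 3-tuple of ints; non-numeric suffixes are ignored."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable_version(version: str) -> bool:
    return parse_version(version) < FIXED_VERSION


def workaround_applied(contrib_dir) -> bool:
    """True only if both risky extension files are absent from lookatme/contrib."""
    d = Path(contrib_dir)
    return not any((d / name).exists() for name in RISKY_EXTENSIONS)


def assess(version: str, contrib_dir) -> str:
    """Return 'fixed', 'vulnerable', or 'vulnerable-version-workaround-applied'."""
    if not is_vulnerable_version(version):
        return "fixed"
    if workaround_applied(contrib_dir):
        return "vulnerable-version-workaround-applied"
    return "vulnerable"


def make_sample_install(with_extensions: bool) -> Path:
    """Constructed test fixture: a fake lookatme/contrib directory in a temp folder."""
    contrib = Path(tempfile.mkdtemp()) / "lookatme" / "contrib"
    contrib.mkdir(parents=True)
    if with_extensions:
        for name in RISKY_EXTENSIONS:
            (contrib / name).write_text("# placeholder extension module\n")
    return contrib


if __name__ == "__main__":
    print(assess("2.2.0", make_sample_install(True)))   # vulnerable
    print(assess("2.2.0", make_sample_install(False)))  # vulnerable-version-workaround-applied
    print(assess("2.3.0", make_sample_install(True)))   # fixed
```

On a real system, pass the version reported by `pip show lookatme` and the path of the installed package's `contrib` directory.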
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.1%
CVSS Severity
CVSS v3 Score 9.3
CVSS v2 Score 9.3
Products affected by CVE-2020-15271
- cpe:2.3:a:lookatme_project:lookatme:0.0.1
- cpe:2.3:a:lookatme_project:lookatme:0.0.2
- cpe:2.3:a:lookatme_project:lookatme:0.1.0
- cpe:2.3:a:lookatme_project:lookatme:0.1.1
- cpe:2.3:a:lookatme_project:lookatme:0.2.0
- cpe:2.3:a:lookatme_project:lookatme:0.3.0
- cpe:2.3:a:lookatme_project:lookatme:0.4.0
- cpe:2.3:a:lookatme_project:lookatme:0.5.0
- cpe:2.3:a:lookatme_project:lookatme:1.0.0
- cpe:2.3:a:lookatme_project:lookatme:1.0.1
- cpe:2.3:a:lookatme_project:lookatme:1.1.0
- cpe:2.3:a:lookatme_project:lookatme:1.1.1
- cpe:2.3:a:lookatme_project:lookatme:1.2.0
- cpe:2.3:a:lookatme_project:lookatme:1.2.1
- cpe:2.3:a:lookatme_project:lookatme:1.3.0
- cpe:2.3:a:lookatme_project:lookatme:2.0.0
- cpe:2.3:a:lookatme_project:lookatme:2.1.0
- cpe:2.3:a:lookatme_project:lookatme:2.2.0