[Git][security-tracker-team/security-tracker][master] Add CVE-2024-9880/pandas

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92aebc3a by Salvatore Bonaccorso at 2025-03-20T22:00:23+01:00
Add CVE-2024-9880/pandas

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -137,7 +137,8 @@ CVE-2024-9901 (LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349
 CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) v ...)
 	NOT-FOR-US: LocalAI
 CVE-2024-9880 (A command injection vulnerability exists in the `pandas.DataFrame.quer ...)
-	TODO: check
+	- pandas <unfixed>
+	NOTE: https://huntr.com/bounties/a49baae1-4652-4d6c-a179-313c21c41a8d
 CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site Request Forge ...)
 	- flatpress <itp> (bug #466297)
 CVE-2024-9840 (A Denial of Service (DoS) vulnerability exists in open-webui/open-webu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92aebc3a34ffd97feda8372419749f9108a9eedf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92aebc3a34ffd97feda8372419749f9108a9eedf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250320/d70b83aa/attachment-0001.htm>