{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T10:36:01.685","vulnerabilities":[{"cve":{"id":"CVE-2023-41057","sourceIdentifier":"security-advisories@github.com","published":"2023-09-04T18:15:09.397","lastModified":"2024-11-21T08:20:28.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is not checked. This could result in changes being written to files outside of the project. The default behaviour of `hyper-bump-it` is to display the planned changes and prompt the user for confirmation before editing any files. However, the configuration file provides a field that can be used cause files to be edited without displaying the prompt. This issue has been fixed in release version 0.5.1. Users are advised to upgrade. Users that are unable to update from vulnerable versions, executing `hyper-bump-it` with the `--interactive` command line argument will ensure that all planned changes are displayed and prompt the user for confirmation before editing any files, even if the configuration file contains `show_confirm_prompt=true`.\n"},{"lang":"es","value":"hyper-bump-it es una herramienta de línea de comandos para actualizar la versión de los archivos del proyecto. Hyper-bump-it lee un patrón glob del archivo de configuración. Esto se combina con el directorio raíz del proyecto para construir un patrón glob completo que se utiliza para encontrar los archivos que deben ser editados. Estos archivos deben estar dentro del directorio raíz del proyecto, pero esto no se comprueba. Esto podría provocar que los cambios se escribieran en ficheros fuera del proyecto. El comportamiento por defecto de hyper-bump-it es mostrar los cambios planeados y pedir confirmación al usuario antes de editar cualquier fichero. Sin embargo, el fichero de configuración proporciona un campo que puede utilizarse para editar ficheros sin que aparezca la pregunta. Este problema se ha solucionado en la versión 0.5.1. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar desde versiones vulnerables, ejecutando hyper-bump-it con el argumento de línea de comandos \"--interactive\" se asegurarán de que se muestren todos los cambios planificados y pedirán confirmación al usuario antes de editar cualquier archivo, incluso si el archivo de configuración contiene \"show_confirm_prompt=true\". "}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plannigan:hyper_bump_it:*:*:*:*:*:python:*:*","versionEndExcluding":"0.5.1","matchCriteriaId":"69EA70AA-6E78-4DAD-9706-0DB5159CFA90"}]}]}],"references":[{"url":"https://github.com/plannigan/hyper-bump-it/pull/307","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/plannigan/hyper-bump-it/security/advisories/GHSA-xc27-f9q3-4448","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/plannigan/hyper-bump-it/pull/307","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/plannigan/hyper-bump-it/security/advisories/GHSA-xc27-f9q3-4448","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}}]}