{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-03T07:22:59.109","vulnerabilities":[{"cve":{"id":"CVE-2023-41334","sourceIdentifier":"security-advisories@github.com","published":"2024-03-18T19:15:05.897","lastModified":"2026-06-17T06:21:50.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`.  Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue."},{"lang":"es","value":"Astropy es un proyecto de astronomía en Python que fomenta la interoperabilidad entre paquetes de astronomía de Python. La versión 5.3.2 del paquete principal de Astropy es vulnerable a la ejecución remota de código debido a una validación de entrada incorrecta en la función `TranformGraph().to_dot_graph`. Un usuario malintencionado puede proporcionar un comando o un archivo de script como valor para el argumento `savelayout`, que se colocará como el primer valor en una lista de argumentos pasados a `subprocess.Popen`. Aunque se generará un error, el comando o script se ejecutará correctamente. La versión 5.3.3 soluciona este problema."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"astropy","product":"astropy","versions":[{"version":"= 5.3.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"astropy_project","product":"astropy","defaultStatus":"affected","cpes":["cpe:2.3:a:astropy_project:astropy:5.3.2:*:*:*:*:*:*:*"],"versions":[{"version":"5.3.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-02T15:20:41.705884Z","id":"CVE-2023-41334","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:astropy:astropy:5.3.2:*:*:*:*:python:*:*","matchCriteriaId":"0EF11CE8-F548-4B46-BE82-A139D1B9A1D3"}]}]}],"references":[{"url":"https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}