[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-1000802":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":52,"aliases":53,"duplicate_of":9,"upstream":54,"downstream":55,"duplicates":92,"related":93,"reserved_at":9,"published_at":106,"modified_at":107,"state":108,"summary":109,"references_raw":118,"kevs":169,"epss":170,"epss_history":173,"metrics":413,"affected":422},"CVE-2018-1000802","Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","weakness","Draft","Class","High",[20,24,28,32,36,40,44,48],{"id":21,"name":22,"techniques":23},"CAPEC-136","LDAP Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":33,"name":34,"techniques":35},"CAPEC-248","Command Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":41,"name":42,"techniques":43},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":45,"name":46,"techniques":47},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":49,"name":50,"techniques":51},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[],[],[56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90],{"_key":57},"SUSE-SU-2020:0234-1",{"_key":59},"OPENSUSE-SU-2024:11202-1",{"_key":61},"SUSE-SU-2018:3002-1",{"_key":63},"SUSE-SU-2018:3554-1",{"_key":65},"SUSE-SU-2018:3554-2",{"_key":67},"SUSE-SU-2019:2053-1",{"_key":69},"SUSE-SU-2019:2053-2",{"_key":71},"SUSE-SU-2020:0114-1",{"_key":73},"SUSE-SU-2020:0302-1",{"_key":75},"OPENSUSE-SU-2020:0086-1",{"_key":77},"OPENSUSE-SU-2024:11284-1",{"_key":79},"DLA-1519-1",{"_key":81},"DLA-1520-1",{"_key":83},"DSA-4306-1",{"_key":85},"MGASA-2018-0495",{"_key":87},"UBUNTU-CVE-2018-1000802",{"_key":89},"USN-3817-1",{"_key":91},"DEBIAN-CVE-2018-1000802",[],[94,95,96,97,98,99,100,101,102,103,104,105],{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":85},"2018-09-18T00:00:00.000Z","2024-08-05T12:40:47.934Z","Modified",{"cisa_kev":110,"cisa_ransomware":110,"cisa_vendor":9,"epss_severity":111,"epss_score":112,"severity":113,"severity_score":114,"severity_version":115,"severity_source":116,"severity_vector":117,"severity_status":108},false,"high",0.26492,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[119,126,131,135,140,144,148,152,157,161,165],{"url":120,"sources":121,"tags":123},"https://www.debian.org/security/2018/dsa-4306",[122,116],"cve.org",[124,125],"Vendor Advisory","Third Party Advisory",{"url":127,"sources":128,"tags":129},"https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html",[122,116],[130,125],"Mailing List",{"url":132,"sources":133,"tags":134},"https://usn.ubuntu.com/3817-2/",[122,116],[124,125],{"url":136,"sources":137,"tags":138},"https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace",[122,116],[139,124],"Patch",{"url":141,"sources":142,"tags":143},"https://mega.nz/#%21JUFiCC4R%21mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig",[122,116],[],{"url":145,"sources":146,"tags":147},"https://github.com/python/cpython/pull/8985",[122,116],[139,124],{"url":149,"sources":150,"tags":151},"https://usn.ubuntu.com/3817-1/",[122,116],[124,125],{"url":153,"sources":154,"tags":155},"https://bugs.python.org/issue34540",[122,116],[156,139,124],"Issue Tracking",{"url":158,"sources":159,"tags":160},"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html",[122,116],[130,125],{"url":162,"sources":163,"tags":164},"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",[122,116],[124,130,125],{"url":166,"sources":167,"tags":168},"https://security.netapp.com/advisory/ntap-20230309-0002/",[122,116],[],[],{"date":171,"score":112,"percentile":172},"2026-06-04",0.96425,[174,178,181,183,186,188,191,194,196,198,201,204,206,208,211,215,218,221,224,227,230,232,235,239,241,244,246,249,252,255,258,261,264,266,268,271,274,277,279,282,285,287,289,292,295,297,300,303,305,307,309,312,315,318,322,324,326,329,331,334,337,340,342,344,347,349,351,353,356,358,360,362,365,368,371,374,377,379,382,385,388,391,394,396,399,401,403,405,407,410],{"date":175,"score":176,"percentile":177},"2025-11-04",0.23201,0.95702,{"date":179,"score":176,"percentile":180},"2025-11-05",0.957,{"date":182,"score":176,"percentile":177},"2025-11-06",{"date":184,"score":176,"percentile":185},"2025-11-07",0.95703,{"date":187,"score":176,"percentile":180},"2025-11-08",{"date":189,"score":176,"percentile":190},"2025-11-09",0.95698,{"date":192,"score":176,"percentile":193},"2025-11-10",0.95699,{"date":195,"score":176,"percentile":180},"2025-11-11",{"date":197,"score":176,"percentile":185},"2025-11-12",{"date":199,"score":176,"percentile":200},"2025-11-13",0.95704,{"date":202,"score":176,"percentile":203},"2025-11-14",0.95705,{"date":205,"score":176,"percentile":200},"2025-11-15",{"date":207,"score":176,"percentile":203},"2025-11-16",{"date":209,"score":176,"percentile":210},"2025-11-17",0.95706,{"date":212,"score":213,"percentile":214},"2025-11-18",0.21182,0.95273,{"date":216,"score":213,"percentile":217},"2025-11-19",0.95275,{"date":219,"score":213,"percentile":220},"2025-11-20",0.95278,{"date":222,"score":176,"percentile":223},"2025-11-21",0.95715,{"date":225,"score":176,"percentile":226},"2025-11-22",0.95714,{"date":228,"score":176,"percentile":229},"2025-11-23",0.95712,{"date":231,"score":176,"percentile":226},"2025-11-24",{"date":233,"score":176,"percentile":234},"2025-11-25",0.95718,{"date":236,"score":237,"percentile":238},"2025-11-26",0.2745,0.96219,{"date":240,"score":237,"percentile":238},"2025-11-27",{"date":242,"score":237,"percentile":243},"2025-11-28",0.96217,{"date":245,"score":237,"percentile":238},"2025-11-29",{"date":247,"score":237,"percentile":248},"2025-11-30",0.9622,{"date":250,"score":237,"percentile":251},"2025-12-01",0.96252,{"date":253,"score":237,"percentile":254},"2025-12-02",0.96251,{"date":256,"score":237,"percentile":257},"2025-12-03",0.96253,{"date":259,"score":237,"percentile":260},"2025-12-04",0.96221,{"date":262,"score":237,"percentile":263},"2025-12-05",0.96224,{"date":265,"score":237,"percentile":263},"2025-12-06",{"date":267,"score":237,"percentile":260},"2025-12-07",{"date":269,"score":237,"percentile":270},"2025-12-08",0.96222,{"date":272,"score":237,"percentile":273},"2025-12-09",0.96225,{"date":275,"score":237,"percentile":276},"2025-12-10",0.9623,{"date":278,"score":237,"percentile":276},"2025-12-11",{"date":280,"score":237,"percentile":281},"2025-12-12",0.96232,{"date":283,"score":237,"percentile":284},"2025-12-13",0.96233,{"date":286,"score":237,"percentile":276},"2025-12-14",{"date":288,"score":237,"percentile":284},"2025-12-15",{"date":290,"score":237,"percentile":291},"2025-12-16",0.96239,{"date":293,"score":237,"percentile":294},"2025-12-17",0.96241,{"date":296,"score":237,"percentile":294},"2025-12-18",{"date":298,"score":237,"percentile":299},"2025-12-19",0.9624,{"date":301,"score":237,"percentile":302},"2025-12-20",0.96242,{"date":304,"score":237,"percentile":294},"2025-12-21",{"date":306,"score":237,"percentile":302},"2025-12-22",{"date":308,"score":237,"percentile":294},"2025-12-23",{"date":310,"score":237,"percentile":311},"2025-12-24",0.96245,{"date":313,"score":237,"percentile":314},"2025-12-25",0.96249,{"date":316,"score":237,"percentile":317},"2025-12-26",0.96248,{"date":319,"score":320,"percentile":321},"2025-12-27",0.23977,0.9586,{"date":323,"score":237,"percentile":311},"2025-12-28",{"date":325,"score":237,"percentile":311},"2025-12-29",{"date":327,"score":237,"percentile":328},"2025-12-30",0.96246,{"date":330,"score":237,"percentile":254},"2025-12-31",{"date":332,"score":237,"percentile":333},"2026-01-01",0.96281,{"date":335,"score":237,"percentile":336},"2026-01-02",0.96279,{"date":338,"score":237,"percentile":339},"2026-01-03",0.96277,{"date":341,"score":237,"percentile":311},"2026-01-04",{"date":343,"score":237,"percentile":302},"2026-01-05",{"date":345,"score":237,"percentile":346},"2026-01-06",0.96244,{"date":348,"score":237,"percentile":346},"2026-01-07",{"date":350,"score":237,"percentile":328},"2026-01-08",{"date":352,"score":237,"percentile":317},"2026-01-09",{"date":354,"score":237,"percentile":355},"2026-01-10",0.9625,{"date":357,"score":237,"percentile":254},"2026-01-11",{"date":359,"score":237,"percentile":254},"2026-01-12",{"date":361,"score":237,"percentile":355},"2026-01-13",{"date":363,"score":237,"percentile":364},"2026-01-14",0.96256,{"date":366,"score":237,"percentile":367},"2026-01-15",0.96257,{"date":369,"score":237,"percentile":370},"2026-01-16",0.96259,{"date":372,"score":237,"percentile":373},"2026-01-17",0.96262,{"date":375,"score":237,"percentile":376},"2026-01-18",0.96265,{"date":378,"score":237,"percentile":376},"2026-01-19",{"date":380,"score":237,"percentile":381},"2026-01-20",0.96266,{"date":383,"score":237,"percentile":384},"2026-01-21",0.96267,{"date":386,"score":237,"percentile":387},"2026-01-22",0.96268,{"date":389,"score":237,"percentile":390},"2026-01-23",0.96272,{"date":392,"score":237,"percentile":393},"2026-01-24",0.96275,{"date":395,"score":237,"percentile":339},"2026-01-25",{"date":397,"score":237,"percentile":398},"2026-01-26",0.96278,{"date":400,"score":237,"percentile":339},"2026-01-27",{"date":402,"score":237,"percentile":398},"2026-01-28",{"date":404,"score":237,"percentile":336},"2026-01-29",{"date":406,"score":237,"percentile":336},"2026-01-30",{"date":408,"score":237,"percentile":409},"2026-01-31",0.9628,{"date":411,"score":237,"percentile":412},"2026-02-01",0.96307,[414],{"source":116,"cvss_v2_0":415,"cvss_v3_0":9,"cvss_v3_1":420,"cvss_v4_0":9},{"baseScore":416,"baseSeverity":9,"vectorString":417,"impactScore":418,"exploitabilityScore":419},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":114,"baseSeverity":421,"vectorString":117,"impactScore":114,"exploitabilityScore":419},"CRITICAL",[423,438,447,453],{"ecosystem":9,"name":424,"vendor":425,"product":426,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"ubuntu linux","canonical","ubuntu_linux","o",[429,432,434,436],{"version":430,"is_range":110,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":433,"is_range":110,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":435,"is_range":110,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":437,"is_range":110,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"ecosystem":9,"name":439,"vendor":440,"product":441,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":442},"debian linux","debian","debian_linux",[443,445],{"version":444,"is_range":110,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":446,"is_range":110,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":448,"vendor":449,"product":448,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":450},"leap","opensuse",[451],{"version":452,"is_range":110,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":454,"vendor":454,"product":454,"cpe_part":455,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":456},"python","a",[457],{"version":458,"is_range":459,"range_type":431,"version_start":460,"version_start_type":461,"version_end":462,"version_end_type":463,"fixed_in":9},"gte2.7.0_lt2.7.16",true,"2.7.0","including","2.7.16","excluding"]