Scan Installed Dependencies by Severity


pyraider go -s high scans the installed dependencies and reports the vulnerabilities of high severity found in them.

Supported severities

  1. high
  2. medium
  3. low

Scan installed dependencies by severity.

pyraider go -s high

You should get a result like this.

_____ _____ _ _
| __ \ | __ \ (_) | |
| |__) | _| |__) |__ _ _ __| | ___ _ __
| ___/ | | | _ // _` | |/ _` |/ _ \ '__|
| | | |_| | | \ \ (_| | | (_| | __/ |
|_| \__, |_| \_\__,_|_|\__,_|\___|_|
__/ |
|___/
by RaiderSource version 1.0.19
Started Scanning .....
+-----------------+------------------------------------------------------------+
| Package         | jinja2                                                     |
+-----------------+------------------------------------------------------------+
| Severity        | HIGH                                                       |
+-----------------+------------------------------------------------------------+
| CWE             | 94                                                         |
+-----------------+------------------------------------------------------------+
| CVE             | CVE-2019-8341                                              |
+-----------------+------------------------------------------------------------+
| Current version | 2.11.2                                                     |
+-----------------+------------------------------------------------------------+
| Update To       | 3.0.0a1                                                    |
+-----------------+------------------------------------------------------------+
| Description     | ** DISPUTED ** An issue was discovered in Jinja2 2.10. The |
|                 | from_string function is prone to Server Side Template Inj  |
|                 | ection (SSTI) where it takes the "source" parameter as a t |
|                 | emplate object, renders it, and then returns it. The attac |
|                 | ker can exploit it with {{INJECTION COMMANDS}} in a URI. N |
|                 | OTE: The maintainer and multiple third parties believe tha |
|                 | t this vulnerability isn't valid because users shouldn't u |
|                 | se untrusted templates without sandboxing.                 |
+-----------------+------------------------------------------------------------+
| Resolve         | pip install jinja2==3.0.0a1                                |
+-----------------+------------------------------------------------------------+
| More Info       | https://nvd.nist.gov/vuln/detail/CVE-2019-8341             |
+-----------------+------------------------------------------------------------+
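The table above is written for a human reader; to make a CI job fail on what a run reports, the output has to be parsed. The following is an added example, not part of pyraider, that turns its key/value tables into one record per package and filters them by the same severity levels -s accepts; the sample input is abridged from the table shown above, and the script name gate.py in the usage comment is hypothetical.

```python
import re
import sys
from typing import Dict, List
# Abridged from the pyraider table shown above (banner and most rows omitted).
SAMPLE_OUTPUT = """\
+-----------------+------------------------------------------------------------+
| Package         | jinja2                                                     |
+-----------------+------------------------------------------------------------+
| Severity        | HIGH                                                       |
+-----------------+------------------------------------------------------------+
| CVE             | CVE-2019-8341                                              |
+-----------------+------------------------------------------------------------+
| Description     | ** DISPUTED ** An issue was discovered in Jinja2 2.10. The |
|                 | from_string function is prone to Server Side Template Inj  |
|                 | ection (SSTI) where it takes the "source" parameter as a t |
+-----------------+------------------------------------------------------------+
"""
ROW = re.compile(r"^\|\s*(?P<key>[^|]*?)\s*\|\s*(?P<val>[^|]*?)\s*\|$")
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}  # the values `-s` accepts

def parse_findings(output: str) -> List[Dict[str, str]]:
    """One dict per package; a 'Package' row starts a new finding."""
    findings, current, last_key = [], {}, None  # rows before the first Package row are dropped
    for line in output.splitlines():
        m = ROW.match(line.rstrip())
        if not m:
            continue  # table borders, the banner and "Started Scanning" lines
        key, val = m.group("key"), m.group("val")
        if key == "Package":
            current = {}
            findings.append(current)
        if key:
            current[key] = val
            last_key = key
        elif last_key:
            # pyraider wraps at a fixed column and splits words ("Inj"/"ection"), so
            # continuation rows are joined without a separator; a space on the wrap is lost.
            current[last_key] += val
    return findings

def findings_at_or_above(output: str, threshold: str) -> List[Dict[str, str]]:
    floor = SEVERITY_RANK[threshold.lower()]
    return [f for f in parse_findings(output)
            if SEVERITY_RANK.get(f.get("Severity", "").lower(), 0) >= floor]

if __name__ == "__main__":  # usage: pyraider go -s high | python gate.py high
    hits = findings_at_or_above(sys.stdin.read(), sys.argv[1] if len(sys.argv) > 1 else "high")
    for f in hits:
        print(f"{f['Severity']}: {f['Package']} ({f.get('CVE', 'n/a')})")
    sys.exit(1 if hits else 0)
```

The exit status is what a pipeline step can act on: non-zero whenever at least one finding meets the threshold.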