GCVE - cpe:2.3:a:https://github.com/geopython:pycsw:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:https://github.com/geopython:pycsw:*:*:*:*:*:*:*:*

part: a version: pycsw update: *

Vendor	Https (`d7181f43-5065-54de-83f7-090f042665aa`)
Product	//Github.Com/Geopython (`21dfe4cf-5f65-5921-b165-b14fdc6100c0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-8640`	vulnerable	2026-06-03 14:36:09.685696	Details available A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to. Published: 2018-08-01T18:00:00.000Z Updated: 2024-09-17T00:31:15.280Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/94302 https://github.com/geopython/pycsw/pull/474/files http://seclists.org/oss-sec/2016/q4/406 https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.