WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| wmagent(PyPI) | 1.3.3rc1 | 2.0.4 | N/A |
| reqmgr2(PyPI) | 1.4.0rc2 | 2.0.4 | N/A |
| reqmon(PyPI) | 1.4.1rc5 | 2.0.4 | N/A |
| global-workqueue(PyPI) | 1.4.1rc5 | 2.0.4 | N/A |
CVSS Metrics
