Command Injection in GitHub repository Nuitka prior to 0.9.
The main() function uses the eval() function, which can lead to contextual code execution: by setting NUITKA_PTH_IMPORTED to a malicious payload string, an attacker can gain access to a system and execute commands with the privileges of the running program. This can lead to backdoors, reverse shells or reading/writing to privileged files.
Nuitka prior to 0.9
Reported On: 4th June 2022
Made Public On: 5th June 2022
Fixed On: 27th June 2022
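
An added example, not Nuitka's code or its actual patch: it contrasts the eval() pattern described above with parsing the same value as data using ast.literal_eval plus a type check. It assumes NUITKA_PTH_IMPORTED is read from the process environment and is meant to hold a Python-literal list of strings; the function names and sample values are constructed for illustration.

```python
import ast
import os

ENV_NAME = "NUITKA_PTH_IMPORTED"  # variable named in the advisory

# Constructed sample values (not taken from the advisory).
BENIGN = "['pkg_a', 'pkg_b']"          # assumed format: literal list of strings
HOSTILE = "__import__('os').getpid()"  # harmless expression standing in for a payload


def parse_unsafe(raw):
    """The flawed pattern: eval() executes whatever expression the value holds."""
    return eval(raw)  # kept only to contrast with parse_safe()


def parse_safe(raw):
    """Parse the value as data: a literal list/tuple of strings, nothing else."""
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"{ENV_NAME} is not a plain Python literal") from exc
    if not isinstance(value, (list, tuple)):
        raise ValueError(f"{ENV_NAME} must be a list or tuple")
    if not all(isinstance(item, str) for item in value):
        raise ValueError(f"{ENV_NAME} entries must all be strings")
    return list(value)


def load_from_env(environ=None):
    """Return the parsed list, or [] when the variable is unset."""
    environ = os.environ if environ is None else environ
    raw = environ.get(ENV_NAME)
    return [] if raw is None else parse_safe(raw)


if __name__ == "__main__":
    print("eval() on hostile value ran code, got:", parse_unsafe(HOSTILE))
    try:
        parse_safe(HOSTILE)
    except ValueError as exc:
        print("parse_safe() rejected it:", exc)
    print("parse_safe() on benign value:", parse_safe(BENIGN))
```

ast.literal_eval accepts only literal syntax (strings, numbers, tuples, lists, dicts, sets, booleans, None), so function calls and attribute access in the value are rejected instead of executed.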