LAYER: meta
PACKAGE NAME: swig-native
PACKAGE VERSION: 4.2.1
CVE: CVE-2023-25344
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25344

LAYER: meta
PACKAGE NAME: swig-native
PACKAGE VERSION: 4.2.1
CVE: CVE-2023-25345
CVE STATUS: Patched
CVE SUMMARY: Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25345