CVE-2024-23346

HIGH

CVSS v3

7.8

HIGH

EPSS Score

41.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.

Technical Details

Published
2/21/2024

Frequently Asked Questions

What is CVE-2024-23346?

Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.

Is CVE-2024-23346 actively exploited?

Active exploitation of CVE-2024-23346 has not been confirmed. The EPSS score is 41.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-23346?

CVE-2024-23346 has a CVSS v3 base score of 7.8 (HIGH severity).

Is CVE-2024-23346 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.