koji
PyPI: 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting koji
- CVE-2017-1002153 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.15.0 | 2017-10-06
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
- CVE-2018-1002150 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 1.15.1 | 2018-04-04
vulnerable: 1.15.0
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.
- CVE-2019-17109 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.19.0 | 2019-10-09
vulnerable: 1.15.0, 1.16.0, 1.16.1, 1.17.0, 1.18.0
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
- CVE-2024-9427 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.33.2 | 2024-12-24
vulnerable: 1.15.0 ... 1.33.1 (35 versions)
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koj…