Upstream information

CVE-2024-50636 at MITRE

Description

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1233275 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Tue Nov 12 02:00:14 2024
CVE page last modified: Tue Nov 12 14:01:12 2024