Aggregates CVE and security vulnerability intelligence across all didotech-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, with potential vendor impact data exposure across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-40958 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component. | [email protected] | 8.8 | 1.94% | 2023-09-15 | 2024-11-21 |
| CVE-2023-40957 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component. | [email protected] | 8.8 | 1.94% | 2023-09-15 | 2024-11-21 |
| CVE-2023-40955 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component. | [email protected] | 8.8 | 1.94% | 2023-09-15 | 2024-11-21 |