Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14cDc2LTM1N2ctOXdxcc3gGw
SciPy creates insecure temporary directories
The scipy.weave
component in SciPy before 0.12.1 creates insecure temporary directories.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cDc2LTM1N2ctOXdxcc3gGw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 19 days ago
CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-xp76-357g-9wqq, CVE-2013-4251
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-4251
- https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973
- https://access.redhat.com/security/cve/cve-2013-4251
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4251
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4251
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88052
- https://security-tracker.debian.org/tracker/CVE-2013-4251
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120696.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119759.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119771.html
- http://www.securityfocus.com/bid/63008
- https://github.com/advisories/GHSA-xp76-357g-9wqq
Blast Radius: 41.8
Affected Packages
pypi:scipy
Dependent packages: 15,254Dependent repositories: 229,003
Downloads: 105,300,876 last month
Affected Version Ranges: < 0.12.1
Fixed in: 0.12.1
All affected versions: 0.4.4, 0.5.2, 0.6.0, 0.7.0, 0.7.2, 0.8.0, 0.9.0, 0.10.0, 0.10.1, 0.11.0, 0.12.0
All unaffected versions: 0.12.1, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.14.0, 0.14.1, 0.15.0, 0.15.1, 0.16.0, 0.16.1, 0.17.0, 0.17.1, 0.18.0, 0.18.1, 0.19.0, 0.19.1, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.10.0, 1.10.1, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.13.0