Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ycjUyLXdnN2YtODg3Nc4AAVFC
Improper Link Resolution Before File Access in logilab-commons
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-common before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
Permalink: https://github.com/advisories/GHSA-rr52-wg7f-8875
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycjUyLXdnN2YtODg3Nc4AAVFC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 9 months ago
CVSS Score: 5.6
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-rr52-wg7f-8875, CVE-2014-1838
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-1838
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051
- http://comments.gmane.org/gmane.comp.security.oss.general/11986
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html
- https://github.com/advisories/GHSA-rr52-wg7f-8875
- https://github.com/pypa/advisory-database/tree/main/vulns/logilab-common/PYSEC-2014-83.yaml
- http://secunia.com/advisories/57209
- http://www.logilab.org/ticket/207561
Affected Packages
pypi:logilab-common
Dependent packages: 8
Dependent repositories: 1,257
Downloads: 77,305 last month
Affected Version Ranges: < 0.61.0
Fixed in: 0.61.0
All affected versions: 0.28.1, 0.38.0, 0.38.1, 0.39.0, 0.43.0, 0.44.0, 0.46.0, 0.46.1, 0.47.0, 0.48.1, 0.49.0, 0.50.0, 0.50.1, 0.50.2, 0.50.3, 0.51.0, 0.51.1, 0.52.0, 0.52.1, 0.53.0, 0.54.0, 0.55.0, 0.55.2, 0.56.0, 0.56.1, 0.56.2, 0.57.0, 0.57.1, 0.58.1, 0.58.3, 0.59.0, 0.59.1, 0.60.0, 0.60.1
All unaffected versions: 0.61.0, 0.62.0, 0.62.1, 0.63.0, 0.63.1, 0.63.2, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.10.0, 1.11.0, 2.0.0