Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04cWMtbWY2cC1wZnE5

Link Following in rply

python-rply before 0.7.4 insecurely creates temporary files.

Permalink: https://github.com/advisories/GHSA-m8qc-mf6p-pfq9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04cWMtbWY2cC1wZnE5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 4 years ago
Updated: 18 days ago

CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-m8qc-mf6p-pfq9, CVE-2014-1938
References:

• https://nvd.nist.gov/vuln/detail/CVE-2014-1938
• https://github.com/alex/rply/issues/42
• https://github.com/alex/rply/commit/76d268a38c627bf4aebebcd064f5b6d380eb8b20
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627
• https://security-tracker.debian.org/tracker/CVE-2014-1938
• http://www.openwall.com/lists/oss-security/2014/02/11/1
• https://github.com/advisories/GHSA-m8qc-mf6p-pfq9
• https://github.com/pypa/advisory-database/tree/main/vulns/rply/PYSEC-2019-202.yaml

Repository: https://github.com/alex/rply
Blast Radius: 12.8

Affected Packages