Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjQtNzRtYy1ycGpj
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
Permalink: https://github.com/advisories/GHSA-xrr4-74mc-rpjcJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjQtNzRtYy1ycGpj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-xrr4-74mc-rpjc, CVE-2011-2765
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-2765
- https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e
- https://bugs.debian.org/631912
- https://github.com/advisories/GHSA-xrr4-74mc-rpjc
- https://pythonhosted.org/Pyro/12-changes.html
Blast Radius: 7.8
Affected Packages
pypi:pyro
Dependent packages: 3Dependent repositories: 11
Downloads: 1,927 last month
Affected Version Ranges: < 3.15
Fixed in: 3.15
All affected versions: 3.9.1
All unaffected versions: