pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
{ "urgency": "low" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-2765.json"