Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.
{
"cna_assigner": "mitre",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/26xxx/CVE-2022-26184.json"
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:python-poetry:poetry:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.9"
}
]
}