GHSA-53gr-wmf4-8hh3

Source

https://github.com/advisories/GHSA-53gr-wmf4-8hh3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-53gr-wmf4-8hh3/GHSA-53gr-wmf4-8hh3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-53gr-wmf4-8hh3

Aliases

CVE-2026-35371

Related

CGA-w33g-vhq2-ph8c

Published

2026-04-22T18:31:46Z

Modified

2026-06-02T02:14:16.540087251Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

uutils coreutils's User Interface (UI) Misrepresents Critical Information

Details

The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control.

Database specific

{
    "cwe_ids": [
        "CWE-451"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-30T17:52:13Z",
    "nvd_published_at": "2026-04-22T17:16:40Z",
    "severity": "LOW"
}

References

Affected packages

crates.io / coreutils

Package

Name: coreutils; View open source insights on deps.dev
Purl: pkg:cargo/coreutils

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.8.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-53gr-wmf4-8hh3/GHSA-53gr-wmf4-8hh3.json"