GHSA-vxf2-7rc3-pxmx

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vxf2-7rc3-pxmx/GHSA-vxf2-7rc3-pxmx.json
Aliases
  • CVE-2005-1632
Published
2022-05-01T02:00:38Z
Modified
2023-09-18T23:34:20Z
Details

Cheetah 0.9.15 and 0.9.16 search the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.

References

Affected packages

PyPI / cheetah

Source Details

Package Name
cheetah

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.9.15
Last affected
0.9.16

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}