GHSA-vxf2-7rc3-pxmx

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vxf2-7rc3-pxmx/GHSA-vxf2-7rc3-pxmx.json

Aliases

CVE-2005-1632

Published

2022-05-01T02:00:38Z

Modified

2023-09-18T23:34:20Z

Details

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.

References

https://nvd.nist.gov/vuln/detail/CVE-2005-1632
https://github.com/cheetahtemplate/cheetah
https://web.archive.org/web/20050430021153/http://sourceforge.net/mailarchive/forum.php?thread_id=7070332&forum_id=1542

Affected packages

PyPI / cheetah

Source Details

Package Name: cheetah

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.9.15

Last affected

0.9.16

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}