PYSEC-2014-83

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/logilab-common/PYSEC-2014-83.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2014-83
Aliases
Published
2014-03-11T19:37:00Z
Modified
2023-11-08T03:57:35.186410Z
Summary
[none]
Details

The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.

References

Affected packages

PyPI / logilab-common

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.60.1

Affected versions

0.*

0.28.1
0.38.0
0.38.1
0.39.0
0.43.0
0.44.0
0.46.0
0.46.1
0.47.0
0.48.1
0.49.0
0.50.0
0.50.1
0.50.2
0.50.3
0.51.0
0.51.1
0.52.0
0.52.1
0.53.0
0.54.0
0.55.0
0.55.2
0.56.0
0.56.1
0.56.2
0.57.0
0.57.1
0.58.1
0.58.3
0.59.0
0.59.1
0.60.0