PYSEC-2014-84

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/logilab-common/PYSEC-2014-84.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-84

Aliases

CVE-2014-1839
GHSA-g5m2-22h2-rr3j

Published

2014-03-11T19:37:00Z

Modified

2023-11-08T03:57:35.247390Z

Summary

[none]

Details

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.

References

http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html
http://www.logilab.org/ticket/207562
http://secunia.com/advisories/57209
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051
http://comments.gmane.org/gmane.comp.security.oss.general/11986
https://github.com/advisories/GHSA-g5m2-22h2-rr3j

Affected packages

PyPI / logilab-common

Package

Name: logilab-common; View open source insights on deps.dev
Purl: pkg:pypi/logilab-common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.60.1

Affected versions

0.*

0.28.1

0.38.0

0.38.1

0.39.0

0.43.0

0.44.0

0.46.0

0.46.1

0.47.0

0.48.1

0.49.0

0.50.0

0.50.1

0.50.2

0.50.3

0.51.0

0.51.1

0.52.0

0.52.1

0.53.0

0.54.0

0.55.0

0.55.2

0.56.0

0.56.1

0.56.2

0.57.0

0.57.1

0.58.1

0.58.3

0.59.0

0.59.1

0.60.0