PYSEC-2021-29

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2021-29.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-29
Aliases
Published
2021-05-11T14:15:00Z
Modified
2024-04-22T23:11:32.536615Z
Summary
[none]
Details

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.

References

Affected packages

PyPI / octoprint

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.0

Affected versions

1.*

1.3.11
1.3.12rc1
1.3.12rc3
1.3.12
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.0
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.1
1.4.2
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0rc1
1.6.0rc2
1.6.0rc3