Lucene search

GitHub Advisory DatabaseGHSA-VPQP-HX68-P2WX

HistoryMay 14, 2022 - 1:08 a.m.

Improper Link Resolution Before File Access in Suds

2022-05-1401:08:23

CWE-59

GitHub Advisory Database

github.com

1.2 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Affected configurations

Vulners

Node

jeff_ortelsudsRange≤0.4

CPENameOperatorVersion
sudsle0.4

CPE	Name	Operator	Version
	suds	le	0.4

References

lists.opensuse.org/opensuse-updates/2013-07/msg00062.html

www.openwall.com/lists/oss-security/2013/06/27/8

www.ubuntu.com/usn/USN-2008-1

bugzilla.redhat.com/show_bug.cgi?id=978696

github.com/advisories/GHSA-vpqp-hx68-p2wx

github.com/pypa/advisory-database/tree/main/vulns/suds/PYSEC-2013-32.yaml

nvd.nist.gov/vuln/detail/CVE-2013-2217

1.2 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for GHSA-VPQP-HX68-P2WX