Lucene search

K

GoogleOSV:GHSA-3JHC-WJQF-5F2C

HistoryMay 17, 2022 - 5:35 a.m.

Virtualenv Allows Symlink Attack on /tmp/

2022-05-1705:35:07

Google

osv.dev

8

virtualenv

symlink attack

/tmp

vulnerability

software

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

5.1%

virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.

References

lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html

lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html

openwall.com/lists/oss-security/2011/12/19/2

openwall.com/lists/oss-security/2011/12/19/4

openwall.com/lists/oss-security/2011/12/19/5

github.com/pypa/virtualenv

github.com/pypa/virtualenv/commit/68075ad9ededf7df2c46d385f836c13b729de2ca

nvd.nist.gov/vuln/detail/CVE-2011-4617

web.archive.org/web/20200228151935/https://bitbucket.org/ianb/virtualenv/commits/8be37c509fe5

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

5.1%

Related for OSV:GHSA-3JHC-WJQF-5F2C

fedora2 openvas6 cvelist1 github1 cve1 osv1 prion1 nessus3 gentoo1 ubuntucve1 debiancve1 nvd1