Lucene search

K

GoogleOSV:GHSA-XR2C-5W89-63PV

HistoryMar 23, 2022 - 12:00 a.m.

Poetry before v1.1.9 contains Untrusted Search Path

2022-03-2300:00:24

Google

osv.dev

5

0.002 Low

EPSS

Percentile

59.3%

Poetry prior to v1.1.9 was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

CPENameOperatorVersion
poetryeq0.10.0a1
poetryeq0.8.2
poetryeq1.0.6
poetryeq0.11.0a3
poetryeq0.10.0a3
poetryeq1.1.2
poetryeq1.0.0b1
poetryeq0.6.1
poetryeq1.0.9
poetryeq0.12.8

Rows per page:

1-10 of 1361

References

github.com/advisories/GHSA-xr2c-5w89-63pv

github.com/pypa/advisory-database/tree/main/vulns/poetry/PYSEC-2022-234.yaml

github.com/python-poetry

github.com/python-poetry/poetry-core/commit/1e1a109a1009daaab2367ce90c997f0cbbb0c1d1

github.com/python-poetry/poetry-core/pull/205/commits/fa9cb6f358ae840885c700f954317f34838caba7

github.com/python-poetry/poetry/releases/tag/1.1.9

nvd.nist.gov/vuln/detail/CVE-2022-26184

www.sonarsource.com/blog/securing-developer-tools-package-managers

0.002 Low

EPSS

Percentile

59.3%

Related for OSV:GHSA-XR2C-5W89-63PV

nvd1 osv2 prion1 debiancve1 github1 cve1 veracode1 ubuntucve1 cvelist1