Lucene search
K

8 matches found

EUVD
EUVD
added 2026/04/21 2:38 p.m.5 views

EUVD-2026-23901

python-dotenv: Symlink following in setkey allows arbitrary file overwrite via cross-device rename fallback...

6.6CVSS5.9AI score0.00236EPSS
Exploits1References5
OSV
OSV
added 2026/04/21 2:38 p.m.9 views

GHSA-MF9W-MJ56-HR94 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

Summary setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Details The rewrite context manager in dotenv/main.py is used by both setkey...

6.6CVSS5.8AI score0.00236EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/21 2:38 p.m.43 views

python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

Summary setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Details The rewrite context manager in dotenv/main.py is used by both setkey...

6.6CVSS5.8AI score0.00236EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/20 4:25 p.m.5 views

CVE-2026-28684 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

6.6CVSS5.9AI score0.00236EPSS
Exploits1References3
CVE
CVE
added 2026/04/20 4:25 p.m.50 views

CVE-2026-28684

CVE-2026-28684 (python-dotenv) : The issue affects python-dotenv where the functions set_key() and unset_key() follow symbolic links when rewriting the .env file. This behavior enables a local attacker to overwrite arbitrary files via a crafted symlink during a cross-device rename fallback. Impac...

6.6CVSS5.9AI score0.00236EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/20 4:25 p.m.35 views

CVE-2026-28684 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

6.6CVSS0.00236EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-51491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during...

3.3CVSS6.9AI score0.00192EPSS
Exploits1References2
OSV
OSV
added 2025/01/13 10:15 p.m.4 views

UBUNTU-CVE-2024-51491

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List CRL based revocation check feature. After retrieving the CRL, notation-go...

3.3CVSS7AI score0.00192EPSS
Exploits1References5
Rows per page
Query Builder