4 matches found
CVE-2019-16784
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...
Exploit for Execution with Unnecessary Privileges in Pyinstaller
PyInstallerPriv...
cork (>=0.1.0 <=0.2.0), dvc (>=0.8.2 <=0.8.6) +12 more potentially affected by CVE-2019-16784 via pyinstaller (>=3.0.0 <=3.5.0)
pyinstaller PYPI version =3.0.0, =0.1.0, =0.8.2, =1.0.0.dev0, =2019.6.5, =0.1.22, =0.9.94, =0.0.1, =0.4.0, =0.1.0, =1.0.1, =0.2.0, =0.7.1 Source cves: CVE-2019-16784 Source advisory: OSV:GHSA-7FCJ-PQ9J-WH2R...
CVE-2019-16784 Local Privilege Escalation present only on the Windows version of PyInstaller
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...