4 matches found
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
openSUSE 15 Security Update : pyenv (openSUSE-SU-2022:10183-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10183-1 advisory. - pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can cra...
CVE-2022-35861
Summary: CVE-2022-35861 affects pyenv 1.2.24–2.3.2. A crafted .python-version in the current directory can cause relative path traversal in shim execution, enabling local privilege escalation. This is caused by an unvalidated version string used to construct the path to the command. Impact: local...
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...