Lucene search
K

10 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/06/15 12:0 a.m.4 views

Security update for python-python-dotenv (moderate)

openSUSE security update: security update for python-python-dotenv ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20952-1 Rating: moderate References: bsc1262423 Cross-References: CVE-2026-28684 CVSS scores: CVE-2026-28684 SUSE : 6.6...

6.6CVSS7.2AI score0.00236EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/04 8:22 p.m.11 views

Externally Controlled Reference to a Resource in Another Sphere

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Externally Controlled Reference to a Resource in Another Sphere via the dotenv loading process. An attacker can redirect runtime traffic away from operator-configured endpoints by setting...

5.3CVSS5.8AI score0.00105EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/21 2:38 p.m.43 views

python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

Summary setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Details The rewrite context manager in dotenv/main.py is used by both setkey...

6.6CVSS5.8AI score0.00236EPSS
Exploits1References6Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/20 7:31 p.m.4 views

1password-secrets (>=0.0.1.dev107 <=0.4.0), 42towels (>=0.1.1001 <=0.1.1011) +2357 more potentially affected by CVE-2026-28684 via python-dotenv (>=1.0.0 <=1.2.1)

python-dotenv PYPI version =1.0.0, =0.0.1.dev107, =0.1.1001, =2.3.0, =0.15.1, =0.1.0, =0.1.0, =1.0.0, =2.3.9, =1.18.8, =0.1.0b0, =0.0.1, =0.0.0, =0.0.9 and more Source cves: CVE-2026-28684 Source advisory: SNYK:PYTHON-PYTHONDOTENV-16115271...

6.6CVSS7.2AI score0.00236EPSS
Exploits1
Snyk
Snyk
added 2026/04/20 7:31 p.m.4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the setkey and unsetkey functions. An attacker can overwrite arbitrary files by creating a crafted symbolic link that is followed during a cross-device rename fallback. PoC python import os import sys import tempfile...

7.1CVSS5.9AI score0.00236EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-28684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv...

6.6CVSS7.7AI score0.00236EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/03 2:47 a.m.8 views

External Control of System or Configuration Setting

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the handling of the .env file, which can override the trusted root directory for bundled plugins. An attacker can influence the...

8.5CVSS5.9AI score0.00126EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/12 4:29 a.m.3 views

EUVD-2025-121251

Malicious code in titan-dotenv-rigel-vortex npm...

6.6AI score
Exploits0
vulnersOsv
vulnersOsv
added 2021/12/24 12:0 p.m.5 views

Hela (>=0.1.0 <=0.1.4), IMAPServer (=0.2.0) +1255 more potentially affected by unknown CVE via dotenv (>=0.10.1 <=0.9.0)

dotenv CARGO version =0.10.1, =0.1.0, =0.1.0, =0.2.0-beta.4, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.4.0, =0.4.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0141...

5.7AI score
Exploits0
CNVD
CNVD
added 2019/05/21 12:0 a.m.1 views

Command execution vulnerability in dotenv

dotenv is a library that enables Node.js to load environment variables from files. A command execution vulnerability exists in dotenv. An attacker can exploit this vulnerability to execute system commands...

7.4AI score
Exploits0
Rows per page
Query Builder