16 matches found
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
EUVD-2022-38734
Malicious code in bioql PyPI...
OPENSUSE-SU-2024:12200-1 pyenv-2.3.2-1.1 on GA media
These are all security issues fixed in the pyenv-2.3.2-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
openSUSE 15 Security Update : pyenv (openSUSE-SU-2022:10183-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10183-1 advisory. - pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can cra...
OPENSUSE-SU-2022:10183-1 Security update for pyenv
This update for pyenv fixes the following issues: Update to 2.3.5 - Add CPython 3.10.7 by @edgarrmondragon in 2454 - Docs: update Fish PATH update by @gregorias in 2449 - Add CPython 3.7.14, 3.8.14 and 3.9.14 by @edgarrmondragon in 2456 - Update miniconda3-3.9-4.12.0 by @Tsuki in 2460 - Add CPyth...
Security update for pyenv (moderate)
openSUSE Security Update: Security update for pyenv Announcement ID: openSUSE-SU-2022:10183-1 Rating: moderate References: 1201582 Cross-References: CVE-2022-35861 CVSS scores: CVE-2022-35861 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP4 A...
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
Path traversal
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
CVE-2022-35861
Summary: CVE-2022-35861 affects pyenv 1.2.24–2.3.2. A crafted .python-version in the current directory can cause relative path traversal in shim execution, enabling local privilege escalation. This is caused by an unvalidated version string used to construct the path to the command. Impact: local...
pyenv 路径遍历漏洞
pyenv is a simple Python versioning tool. A security vulnerability in pyenv versions 1.2.24 through 2.3.2 exists that allows local users to gain privileges through the .python-version file in the current working directory...
PT-2022-22974 · Pyenv · Pyenv
Name of the Vulnerable Software and Affected Versions: pyenv versions 1.2.24 through 2.3.2 Description: The issue allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims...