Lucene search
+L

4 matches found

osv
osv
added 2026/06/11 12:45 p.m.6 views

OPENSUSE-SU-2026:20952-1 Security update for python-python-dotenv

This update for python-python-dotenv fixes the following issue: - CVE-2026-28684: Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink bsc1262423...

6.6CVSS8AI score0.00236EPSS
Exploits1References2
osv
osv
added 2026/05/09 12:30 p.m.11 views

OESA-2026-2199 python-dotenv security update

Python-dotenv reads key-value pairs from a .env file and can set them as environment variables. It helps in the development of applications following the 12-factor principles. Security Fixes: python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to...

6.6CVSS5.9AI score0.00236EPSS
Exploits1References2
cvelist
cvelist
added 2026/04/20 4:25 p.m.39 views

CVE-2026-28684 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

6.6CVSS0.00236EPSS
Exploits1References3
cve
cve
added 2026/04/20 4:25 p.m.56 views

CVE-2026-28684

CVE-2026-28684 (python-dotenv) : The issue affects python-dotenv where the functions set_key() and unset_key() follow symbolic links when rewriting the .env file. This behavior enables a local attacker to overwrite arbitrary files via a crafted symlink during a cross-device rename fallback. Impac...

6.6CVSS5.9AI score0.00236EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder