3 matches found
UBUNTU-CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
bridge_lmdb (=0.1.0), ithos (=0.0.0) +3 more potentially affected by unknown CVE via lmdb-rs (=0.7.6)
lmdb-rs CARGO version =0.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on lmdb-rs and may be impacted: - bridgelmdb =0.1.0 - ithos =0.0.0 - sanakirja =1.0.0, =0.1.0, =0.1.0, =0.3.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0047...