Lucene search
Veracode Vulnerability DatabaseVERACODE:30906HistoryJun 11, 2021 - 8:50 a.m.
Path Traversal
2021-06-1108:50:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
59.1%
thefuck is vulnerable to path traversal. Using “undo archive operation” feature allows deletion of arbitrary file outside of working directory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thefuck | le | 3.30 | |
| thefuck:sid | eq | 3.29-0.1 | |
| thefuck:bullseye | eq | 3.29-0.1 |
References
github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092
github.com/nvbn/thefuck/releases/tag/3.31
lists.fedoraproject.org/archives/list/[email protected]/message/4MEDDLBFVRUQHPYIBJ4MFM3M4NUJUXL5/
lists.fedoraproject.org/archives/list/[email protected]/message/YA6UNQSOY6M3NJDZLS6YJXTS4WGDMEEJ/
vuln.ryotak.me/advisories/48
Related
osv
osv
The Fuck Arbitrary File Deletion via Path Traversal
2021-06-15 15:49:01
PYSEC-2021-97
2021-06-10 11:15:00
CVE-2021-34363
2021-06-10 11:15:09
openvas
openvas
Fedora: Security Advisory for thefuck (FEDORA-2022-0f1653e269)
2022-01-20 00:00:00
Fedora: Security Advisory for thefuck (FEDORA-2022-5aeda24c24)
2022-01-19 00:00:00
cve
cve
CVE-2021-34363
2021-06-10 11:15:09
archlinux
archlinux
[ASA-202106-39] thefuck: arbitrary file overwrite
2021-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2021-34363
2021-06-10 00:00:00
prion
prion
Path traversal
2021-06-10 11:15:00
fedora
fedora
[SECURITY] Fedora 35 Update: thefuck-3.32-1.fc35
2022-01-19 02:12:42
[SECURITY] Fedora 34 Update: thefuck-3.32-1.fc34
2022-01-19 01:54:38
cvelist
cvelist
CVE-2021-34363
2021-06-10 10:07:03
nvd
nvd
CVE-2021-34363
2021-06-10 11:15:09
debiancve
debiancve
CVE-2021-34363
2021-06-10 11:15:09
github
github
The Fuck Arbitrary File Deletion via Path Traversal
2021-06-15 15:49:01