CVE-2021-34363
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-34363
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34363.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-34363
- Aliases
- Downstream
- Published
- 2021-06-10T11:15:09.357Z
- Modified
- 2025-11-14T12:00:14.993145Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MEDDLBFVRUQHPYIBJ4MFM3M4NUJUXL5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YA6UNQSOY6M3NJDZLS6YJXTS4WGDMEEJ/
- https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092
- https://github.com/nvbn/thefuck/releases/tag/3.31
- https://vuln.ryotak.me/advisories/48
Affected packages
Git / github.com/nvbn/thefuck
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nvbn/thefuck
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.26
1.27
1.28
1.29
1.30
1.31
1.32
1.33
1.34
1.35
1.36
1.37
1.38
1.39
1.40
1.41
1.42
1.43
1.44
1.45
1.46
1.47
1.48
1.49
1.49.1
2.*
2.0
2.1
2.2
2.3
2.4
2.5
2.5.4
2.5.6
2.6
2.7
2.8
2.9
2.9.1
3.*
3.0
3.1
3.10
3.11
3.12
3.13
3.14
3.15
3.16
3.17
3.18
3.19
3.2
3.20
3.21
3.22
3.23
3.24
3.25
3.26
3.27
3.28
3.29
3.3
3.30
3.4
3.5
3.6
3.7
3.8
3.9