CVE-2022-35861

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-35861
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35861.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-35861
Published
2022-07-17T17:15:08Z
Modified
2025-01-08T14:15:02.141299Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.)

Affected packages

Git / github.com/pyenv/pyenv

Affected ranges

Type
GIT
Repo
https://github.com/pyenv/pyenv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.2.24
1.2.24.1
1.2.25
1.2.26
1.2.27

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.0-20130613
v0.4.0-20130726
v0.4.0-20131023
v0.4.0-20131116
v0.4.0-20131216
v0.4.0-20131217
v0.4.0-20140110
v0.4.0-20140110.1
v0.4.0-20140123
v0.4.0-20140211
v0.4.0-20140311
v0.4.0-20140317
v0.4.0-20140404
v0.4.0-20140516
v0.4.0-20140520
v0.4.0-20140602

v1.*

v1.0.0
v1.0.10
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.2.0
v1.2.1
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.15
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.2
v1.2.20
v1.2.21
v1.2.22
v1.2.23
v1.2.24
v1.2.24.1
v1.2.25
v1.2.26
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9

v2.*

v2.0.0
v2.0.0-rc1
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1.0
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.4-1
v2.2.5
v2.3.0
v2.3.1
v2.3.2

Other

v20140614
v20140615
v20140628
v20140705
v20140825
v20140924
v20141008
v20141011
v20141012
v20141106
v20141118
v20141127
v20141211
v20150124
v20150204
v20150326
v20150524
v20150601
v20150719
v20150901
v20150913
v20151006
v20151103
v20151105
v20151124
v20151210
v20151222
v20160202
v20160303
v20160422
v20160509
v20160628
v20160629
v20160726