GHSA-xrr4-74mc-rpjc

Source
https://github.com/advisories/GHSA-xrr4-74mc-rpjc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-xrr4-74mc-rpjc/GHSA-xrr4-74mc-rpjc.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-xrr4-74mc-rpjc
Aliases
Published
2018-08-21T17:01:29Z
Modified
2024-10-16T02:46:41.606339Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Pyro mishandles pid files in temporary directory locations and opens the pid file as root
Details

pyro before 3.15 unsafely handles pid files in temporary directory locations and opens the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-59"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T22:04:21Z"
}
References

Affected packages

PyPI / pyro

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.15

Affected versions

3.*

3.9.1
3.10
3.11
3.12
3.13
3.14