GHSA-xwg2-qc6c-7c3q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xwg2-qc6c-7c3q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xwg2-qc6c-7c3q/GHSA-xwg2-qc6c-7c3q.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-xwg2-qc6c-7c3q
- Aliases
- Published
- 2022-05-17T05:40:10Z
- Modified
- 2024-12-02T05:32:44.212408Z
- Summary
- Fabric vulnerable to symlink attack on tmp files
- Details
-
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a
/tmp/fab.*.tarfile or (2) certain other files in the top level of/tmp/. - Database specific
{ "nvd_published_at": "2011-07-27T02:55:00Z", "cwe_ids": [ "CWE-59" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-19T18:16:49Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-2185
- https://github.com/fabric/fabric/commit/3445b5653cd297039443110548fb3cab2e8e25af
- https://github.com/fabric/fabric/commit/d7470d2db919ffcee80c245cf87e6d8d4ba6909c
- https://bugzilla.redhat.com/show_bug.cgi?id=710462
- https://github.com/fabric/fabric
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003
- http://code.fabfile.org/projects/fabric/files/Fabric-1.1.0.tar.gz
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062534.html
- http://www.openwall.com/lists/oss-security/2011/06/03/5
- http://www.openwall.com/lists/oss-security/2011/06/06/12
Affected packages
PyPI / fabric
Package
- Name
- fabric
- View open source insights on deps.dev
- Purl
- pkg:pypi/fabric