PYSEC-2021-29

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2021-29.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2021-29

Aliases

CVE-2021-32560
GHSA-x9rq-fjp5-qgm9

Published

2021-05-11T14:15:00Z

Modified

2024-04-22T23:12:27.121482Z

Summary

[none]

Details

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.

References

https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0
https://www.brzozowski.io
https://octoprint.org/blog/2021/04/27/new-release-1.6.0/

Affected packages

PyPI / octoprint

Package

Name: octoprint; View open source insights on deps.dev
Purl: pkg:pypi/octoprint

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.0

Affected versions

1.*

1.3.11

1.3.12rc1

1.3.12rc3

1.3.12

1.4.0rc1

1.4.0rc2

1.4.0rc3

1.4.0rc4

1.4.0rc5

1.4.0rc6

1.4.0

1.4.1rc1

1.4.1rc2

1.4.1rc3

1.4.1rc4

1.4.1

1.4.2

1.5.0rc1

1.5.0rc2

1.5.0rc3

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0rc1

1.6.0rc2

1.6.0rc3