Homepage

fabric@1.0.1 vulnerabilities

High level SSH command execution

  • latest version

    3.2.2

  • latest non vulnerable version

    3.2.2

  • first published

    17 years ago

  • latest version published

    1 years ago

  • licenses detected

  • View fabric package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the fabric package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Information Exposure

    fabric is a Fabric is a simple, Pythonic tool for remote execution and deployment. Fabric is vulnerable to information disclosure. When uploading templates using the upload_template() function, if the intended destination is invalid, the file ends up world-readable in the home folder.

    [0.9.0,1.13.1]
    • M
    Overwritable Files

    fabric is a Fabric is a simple, Pythonic tool for remote execution and deployment. Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.tar file or (2) certain other files in the top level of /tmp/.

    [,1.1.0]
    Go back to all versions of this package