logilab-common@0.44.0 vulnerabilities

collection of low-level Python packages and modules used by Logilab projects

Direct Vulnerabilities

Known vulnerabilities in the logilab-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Insecure use of temporary file (severity: M)

Affected versions of this package are vulnerable to insecure use of a temporary file. The Execute class in shellutils in logilab-common before 0.61.0 uses tempfile.mktemp, which only returns a file name and does not create the file, so a local user can pre-create the temporary file under that name before it is used, with an unspecified impact.

How to fix Insecure use of temporary file?

Upgrade to version 0.61.0 or greater.

Vulnerable versions: [0.38.1,0.61.0)
Arbitrary File Access (severity: M)

Affected versions of this package are vulnerable to arbitrary file access through insecure use of a temporary file. The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-common before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on the fixed, predictable path /tmp/toto.fdf.

How to fix Arbitrary File Access?

Upgrade to version 0.61.0 or greater.

Vulnerable versions: [0.38.1,0.61.0)
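Both advisories share one root cause: a temporary file name is chosen before the file is opened, whether by tempfile.mktemp or by hard-coding /tmp/toto.fdf. The following is an added example, not code from logilab-common or from Snyk, that contrasts that pattern with the atomic-create form the fix relies on; the scratch directory and the toto.fdf stand-in are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Insecure shape of both advisories: a name is picked first (tempfile.mktemp
# or the fixed /tmp/toto.fdf) and opened later with plain open(), so a file
# or symlink someone pre-created at that name is followed and overwritten.
def insecure_write(data: bytes, directory: str) -> str:
    path = tempfile.mktemp(dir=directory)  # returns a name; creates nothing
    with open(path, "wb") as fh:           # follows whatever now sits at path
        fh.write(data)
    return path

# Hardened form: mkstemp creates the file atomically with O_CREAT|O_EXCL and
# mode 0600 and hands back the open descriptor, so nothing can be slipped in
# between choosing the name and opening it.
def secure_write(data: bytes, directory: str) -> str:
    fd, path = tempfile.mkstemp(dir=directory, suffix=".fdf")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def exclusive_create_ok(path: str) -> bool:
    """True if path can be created with O_EXCL, i.e. nothing exists there yet."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for /tmp/toto.fdf, already present before we write.
        fixed = os.path.join(d, "toto.fdf")
        with open(fixed, "wb") as fh:
            fh.write(b"pre-created by another local user")
        with open(fixed, "wb") as fh:      # the vulnerable open(): silently clobbers
            fh.write(b"clobbered")
        with open(fixed, "rb") as fh:
            clobbered = fh.read() == b"clobbered"
        safe = secure_write(b"%FDF-1.2", d)
        return {
            "clobbered": clobbered,                                # True
            "exclusive_refused": not exclusive_create_ok(fixed),   # True: O_EXCL rejects it
            "secure_mode": stat.S_IMODE(os.stat(safe).st_mode),    # 0o600
            "secure_is_fresh": safe != fixed,                      # True
        }
```

On a shared /tmp the same check should be paired with a per-user or sticky-bit directory, since O_EXCL only guarantees that the name was not already claimed at open time.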