logilab-common@0.44.0 vulnerabilities

collection of low-level Python packages and modules used by Logilab projects

  • latest version

    2.1.0

  • latest non vulnerable version

  • first published

    16 years ago

  • latest version published

    3 months ago

  • licenses detected

    • [0.38.1,0.39.0); [0.44.0,0.46.0)
  • Direct Vulnerabilities

    Known vulnerabilities in the logilab-common package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable version
    • [M] Insecure use of temporary file (medium severity)

    Affected versions of this package are vulnerable to insecure use of a temporary file. The Execute class in shellutils in logilab-common before 0.61.0 uses tempfile.mktemp, which only returns a file name and does not create the file, so a local user who pre-creates a file at that name can have an unspecified impact.

    How to fix Insecure use of temporary file?

    Upgrade to version 0.61.0 or greater.

    Vulnerable versions: [0.38.1,0.61.0)
    • [M] Arbitrary File Access (medium severity)

    Affected versions of this package are vulnerable to arbitrary file access through insecure use of a temporary file. The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-common before 0.61.0 write to the predictable path /tmp/toto.fdf, which allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.

    How to fix Arbitrary File Access?

    Upgrade to version 0.61.0 or greater.

    Vulnerable versions: [0.38.1,0.61.0)
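As an added illustration (not code from logilab-common or from Snyk) of the pattern behind both advisories above: opening a predictable temporary path by name lets a symlink planted at that path redirect the write, while creating the file with O_CREAT|O_EXCL (which is what tempfile.mkstemp does internally, together with an unpredictable name) makes the planted path fail instead of being followed. The file names victim.txt and toto.fdf inside a throwaway directory are constructed for this demo.

```python
import os
import tempfile


def write_by_name(path: str, data: bytes) -> None:
    """Weak pattern: open a predictable temp path by name.
    If something already sits at that path (e.g. a symlink planted by
    another local user), open() follows it and the write lands on the target."""
    with open(path, "wb") as fh:
        fh.write(data)


def write_exclusive(path: str, data: bytes) -> None:
    """Hardened pattern: O_CREAT|O_EXCL refuses to open a pre-existing path,
    including a symlink, so a planted entry raises FileExistsError.
    tempfile.mkstemp() uses these flags (plus mode 0o600 and a random name)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def demo(use_exclusive: bool) -> bytes:
    """Plant a symlink at a fixed temp name pointing at a victim file, run the
    chosen writer, and return the victim's content afterwards.
    All names here (victim.txt, toto.fdf) are constructed for the demo."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")
        with open(victim, "wb") as fh:
            fh.write(b"original")
        planted = os.path.join(d, "toto.fdf")  # predictable name, like /tmp/toto.fdf
        os.symlink(victim, planted)
        writer = write_exclusive if use_exclusive else write_by_name
        try:
            writer(planted, b"clobbered")
        except FileExistsError:
            pass  # hardened writer refused the pre-existing path; victim untouched
        with open(victim, "rb") as fh:
            return fh.read()


if __name__ == "__main__":
    print(demo(use_exclusive=False))  # b'clobbered'
    print(demo(use_exclusive=True))   # b'original'
```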