logilab-common@0.44.0 vulnerabilities

collection of low-level Python packages and modules used by Logilab projects

latest version

2.0.0
latest non vulnerable version

2.0.0
first published

15 years ago
latest version published

7 months ago
licenses detected
- GPL-2.0
  [0.38.1,0.39.0); [0.44.0,0.46.0)
View logilab-common package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the logilab-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Insecure use of temporary file `logilab-common` is a collection of low-level Python packages and modules used by Logilab projects Affected versions of this package are vulnerable to Insecure use of temporary file attacks. The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. How to fix Insecure use of temporary file? Upgrade to version `0.61.0` or greater.	[0.38.1,0.61.0)
M Arbitrary File Access `logilab-common` is a collection of low-level Python packages and modules used by Logilab projects Affected versions of this package are vulnerable to Insecure use of temporary file attacks. The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. How to fix Arbitrary File Access? Upgrade to version `0.61.0` or greater.	[0.38.1,0.61.0)

Insecure use of temporary file

logilab-common is a collection of low-level Python packages and modules used by Logilab projects

Affected versions of this package are vulnerable to Insecure use of temporary file attacks. The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.

How to fix Insecure use of temporary file?

Upgrade to version 0.61.0 or greater.

[0.38.1,0.61.0)

Arbitrary File Access

logilab-common is a collection of low-level Python packages and modules used by Logilab projects

Affected versions of this package are vulnerable to Insecure use of temporary file attacks. The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.

How to fix Arbitrary File Access?

Upgrade to version 0.61.0 or greater.

[0.38.1,0.61.0)

Go back to all versions of this package

logilab-common@0.44.0 vulnerabilities

collection of low-level Python packages and modules used by Logilab projects

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities