logilab-common@0.54.0 vulnerabilities
collection of low-level Python packages and modules used by Logilab projects
- latest version: 2.0.0
- latest non vulnerable version:
- first published: 16 years ago
- latest version published: 10 months ago
- licenses detected:
  - [0.50.0,)

Direct Vulnerabilities
Known vulnerabilities in the logilab-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Insecure use of temporary file attacks. The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. How to fix Insecure use of temporary file? Upgrade to version | [0.38.1,0.61.0) |
Affected versions of this package are vulnerable to Insecure use of temporary file attacks. The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. How to fix Arbitrary File Access? Upgrade to version | [0.38.1,0.61.0) |