Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-5983

Опубликовано: 28 янв. 2009
Источник: nvd
CVSS2: 6.9
EPSS Низкий

Описание

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия до 2.6.6 (исключая)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 3.1.0 (включая) до 3.1.3 (исключая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

EPSS

Процентиль: 30%
0.0011
Низкий

6.9 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

ubuntu логотип

CVE-2008-5983

ubuntu
почти 17 лет назад

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

redhat логотип

CVE-2008-5983

redhat
около 17 лет назад

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

debian логотип

CVE-2008-5983

debian
почти 17 лет назад

Untrusted search path vulnerability in the PySys_SetArgv API function ...

github логотип

GHSA-4jhg-wfq8-3vgm

github
больше 3 лет назад

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

oracle-oval логотип

ELSA-2011-0027

oracle-oval
почти 15 лет назад

ELSA-2011-0027: python security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 30%
0.0011
Низкий

6.9 Medium

CVSS2

Дефекты

CWE-426