CVE-2011-2765

Опубликовано: 20 авг. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

Ссылки

https://bugs.debian.org/631912
Exploit
Issue Tracking
Third Party Advisory
https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e
Third Party Advisory
https://pythonhosted.org/Pyro/12-changes.html
Vendor Advisory
https://bugs.debian.org/631912
Exploit
Issue Tracking
Third Party Advisory
https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e
Third Party Advisory
https://pythonhosted.org/Pyro/12-changes.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pyro_project:pyro:*:*:*:*:*:*:*:*

Версия до 3.15 (исключая)

EPSS

Процентиль: 62%

0.00433

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2011-2765

CVSS3: 7.5

ubuntu

больше 7 лет назад

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

CVE-2011-2765

CVSS3: 7.5

debian

больше 7 лет назад

pyro before 3.15 unsafely handles pid files in temporary directory loc ...

GHSA-xrr4-74mc-rpjc

CVSS3: 7.5

github

больше 7 лет назад

Pyro mishandles pid files in temporary directory locations and opening the pid file as root

EPSS

Процентиль: 62%

0.00433

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59