CVE-2022-26184

Опубликовано: 21 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

Ссылки

https://github.com/python-poetry/poetry-core/pull/205/commits/fa9cb6f358ae840885c700f954317f34838caba7
Patch
Third Party Advisory
https://github.com/python-poetry/poetry/releases/tag/1.1.9
Release Notes
Third Party Advisory
https://www.sonarsource.com/blog/securing-developer-tools-package-managers/
https://github.com/python-poetry/poetry-core/pull/205/commits/fa9cb6f358ae840885c700f954317f34838caba7
Patch
Third Party Advisory
https://github.com/python-poetry/poetry/releases/tag/1.1.9
Release Notes
Third Party Advisory
https://www.sonarsource.com/blog/securing-developer-tools-package-managers/

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:python-poetry:poetry:*:*:*:*:*:*:*:*

Версия до 1.1.9 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00597

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-426

Связанные уязвимости

CVE-2022-26184

CVSS3: 9.8

ubuntu

почти 4 года назад

CVE-2022-26184

CVSS3: 9.8

debian

почти 4 года назад

Poetry v1.1.9 and below was discovered to contain an untrusted search ...

GHSA-xr2c-5w89-63pv

CVSS3: 9.8

github

почти 4 года назад

Poetry before v1.1.9 contains Untrusted Search Path

EPSS

Процентиль: 69%

0.00597

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-426