Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/logilab-common@0.46.0

Type pypi

Namespace

Name logilab-common

Version 0.46.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.60.1

Latest_non_vulnerable_version 0.61.0

Affected_by_vulnerabilities

url VCID-4tzc-1ykk-uydm

vulnerability_id VCID-4tzc-1ykk-uydm

summary The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.

references

reference_url	http://comments.gmane.org/gmane.comp.security.oss.general/11986
reference_id
reference_type
scores
url	http://comments.gmane.org/gmane.comp.security.oss.general/11986

reference_url	http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051
reference_id
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051

reference_url	http://secunia.com/advisories/57209
reference_id
reference_type
scores
url	http://secunia.com/advisories/57209

reference_url	https://github.com/advisories/GHSA-rr52-wg7f-8875
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-rr52-wg7f-8875

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/logilab-common/PYSEC-2014-83.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/logilab-common/PYSEC-2014-83.yaml

reference_url	http://www.logilab.org/ticket/207561
reference_id
reference_type
scores
url	http://www.logilab.org/ticket/207561

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2014-1838
reference_id	CVE-2014-1838
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2014-1838

fixed_packages

url	pkg:pypi/logilab-common@0.60.1
purl	pkg:pypi/logilab-common@0.60.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/logilab-common@0.60.1

url	pkg:pypi/logilab-common@0.61.0
purl	pkg:pypi/logilab-common@0.61.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/logilab-common@0.61.0

aliases CVE-2014-1838, GHSA-rr52-wg7f-8875, PYSEC-2014-83

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tzc-1ykk-uydm

url VCID-5z59-jfr9-y3hj

vulnerability_id VCID-5z59-jfr9-y3hj

summary The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.

references

reference_url	http://comments.gmane.org/gmane.comp.security.oss.general/11986
reference_id
reference_type
scores
url	http://comments.gmane.org/gmane.comp.security.oss.general/11986

reference_url	http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051
reference_id
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051

reference_url	http://secunia.com/advisories/57209
reference_id
reference_type
scores
url	http://secunia.com/advisories/57209

reference_url	https://github.com/advisories/GHSA-g5m2-22h2-rr3j
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-g5m2-22h2-rr3j

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/logilab-common/PYSEC-2014-84.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/logilab-common/PYSEC-2014-84.yaml

reference_url	http://www.logilab.org/ticket/207562
reference_id
reference_type
scores
url	http://www.logilab.org/ticket/207562

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2014-1839
reference_id	CVE-2014-1839
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2014-1839

fixed_packages

url	pkg:pypi/logilab-common@0.60.1
purl	pkg:pypi/logilab-common@0.60.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/logilab-common@0.60.1

url	pkg:pypi/logilab-common@0.61.0
purl	pkg:pypi/logilab-common@0.61.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/logilab-common@0.61.0

aliases CVE-2014-1839, GHSA-g5m2-22h2-rr3j, PYSEC-2014-84

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5z59-jfr9-y3hj

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/logilab-common@0.46.0

Package Instance