{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56400?format=json","vulnerability_id":"VCID-nuw1-9kgr-tycd","summary":"Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).","aliases":[{"alias":"CVE-2024-48991"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://github.com/liske/needrestart/commit/42af5d328901287a4f79d1f5861ac827a53fd56d","reference_id":"42af5d328901287a4f79d1f5861ac827a53fd56d","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:36:17Z/"}],"url":"https://github.com/liske/needrestart/commit/42af5d328901287a4f79d1f5861ac827a53fd56d"},{"reference_url":"https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59","reference_id":"6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:36:17Z/"}],"url":"https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2024-48991","reference_id":"CVERecord?id=CVE-2024-48991","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:36:17Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2024-48991"},{"reference_url":"https://www.qualys.com/2024/11/19/needrestart/needrestart.txt","reference_id":"needrestart.txt","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:36:17Z/"}],"url":"https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.8 - 7.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nuw1-9kgr-tycd"}