CVE-2017-0359 – diffoscope
Package
Manager: pip
Name: diffoscope
Vulnerable Version: >=0 <76
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00535 (percentile: 0.66467)
Details
Diffoscope may write to arbitrary locations due to an untrusted archive.
diffoscope before 76 writes to arbitrary locations on disk based on the contents of an untrusted archive.
Metadata
Created: 2018-07-13T16:01:21Z
Modified: 2024-09-16T13:49:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-8p5c-f328-9fvv/GHSA-8p5c-f328-9fvv.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-8p5c-f328-9fvv
Finding: F063
Auto approve: 1