CVE-2011-2765 – pyro
Package
Manager: pip
Name: pyro
Vulnerable Version: >=0 <3.15
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00433 (percentile 0.6187)
Details
Pyro before 3.15 unsafely handles pid files in temporary directory locations and opens the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
Metadata
Created: 2018-08-21T17:01:29Z
Modified: 2024-10-15T16:14:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-xrr4-74mc-rpjc/GHSA-xrr4-74mc-rpjc.json
CWE IDs: ["CWE-59"]
Alternative ID: GHSA-xrr4-74mc-rpjc
Finding: F076
Auto approve: 1