CVE-2013-2217 – suds-py3

Package

Manager: pip
Name: suds-py3
Vulnerable Version: >=0 <1.4.4.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00075 pctl0.23179

Details

Improper Link Resolution Before File Access in Suds cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Metadata

Created: 2022-05-14T01:08:23Z
Modified: 2024-10-28T14:37:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vpqp-hx68-p2wx/GHSA-vpqp-hx68-p2wx.json
CWE IDs: ["CWE-59"]
Alternative ID: GHSA-vpqp-hx68-p2wx
Finding: F076
Auto approve: 1