CVE-2013-2217 suds

Package

Manager: pip
Name: suds
Vulnerable Version: >=0 <1.0.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00073 (percentile 0.22624)

Details

Improper Link Resolution Before File Access in Suds: cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Metadata

Created: 2022-05-14T01:08:23Z
Modified: 2024-10-28T14:37:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vpqp-hx68-p2wx/GHSA-vpqp-hx68-p2wx.json
CWE IDs: ["CWE-59"]
Alternative ID: GHSA-vpqp-hx68-p2wx
Finding: F076
Auto approve: 1