OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
8e5d566ef0fa1eb30b0d714b8d96e09cc72fafe8
advisory-db/crates/pleaser/RUSTSEC-2021-0102.md
github-actions[bot] 9dbe26271a Assigned RUSTSEC-2021-0102 to pleaser (#1027) 
Co-authored-by: alex <alex@users.noreply.github.com>
2021-09-09 17:47:42 -04:00

522 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0102"
package = "pleaser"
date = "2021-05-27"
url = "https://nvd.nist.gov/vuln/detail/CVE-2021-31154"
categories = ["privilege-escalation"]
cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
aliases = ["CVE-2021-31154"]
[versions]
patched = [">= 0.4"]

Permissions bypass in pleaser

pleaseedit in pleaser before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.