CVE-2014-1604

Published: Jan 28, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20140114 Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp

mailing-list

x_refsource_MLIST

rply-cve20141604-insecure-permissions(90593)

vdb-entry

x_refsource_XF

102202

vdb-entry

x_refsource_OSVDB

56429

third-party-advisory

x_refsource_SECUNIA

https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c

x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263

x_refsource_CONFIRM

[oss-security] 20140117 Re: Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-1604

Description

Affected Products

References