CVE-2022-35861

Published: Jul 17, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/pyenv/pyenv/commit/22fa683571d98b59ea16e5fe48ac411c67939653

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-35861

Description

Affected Products

References