pysec-2024-175
Vulnerability from pysec
Published: 2024-05-06 00:15
Modified: 2025-01-18 22:21
Details

WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.

Impacted products
Name: wordops
purl: pkg:pypi/wordops
Aliases: CVE-2024-34528



{
   "affected": [
      {
         "package": {
            "ecosystem": "PyPI",
            "name": "wordops",
            "purl": "pkg:pypi/wordops"
         },
         "ranges": [
            {
               "events": [
                  {
                     "introduced": "0"
                  },
                  {
                     "fixed": "3.21.3"
                  }
               ],
               "type": "ECOSYSTEM"
            }
         ],
         "versions": [
            "3.10.0",
            "3.10.1",
            "3.10.2",
            "3.10.3",
            "3.11.0",
            "3.11.1",
            "3.11.2",
            "3.11.3",
            "3.11.4",
            "3.12.0",
            "3.12.1",
            "3.12.2",
            "3.12.3",
            "3.12.4",
            "3.13.0",
            "3.13.1",
            "3.13.2",
            "3.14.0",
            "3.14.1",
            "3.14.2",
            "3.15.0",
            "3.15.1",
            "3.15.2",
            "3.15.3",
            "3.15.4",
            "3.16.0",
            "3.16.1",
            "3.16.2",
            "3.16.3",
            "3.17.0",
            "3.18.0",
            "3.18.1",
            "3.19.0",
            "3.19.1",
            "3.20.0",
            "3.21.0",
            "3.21.1",
            "3.21.2",
            "3.9.9.2",
            "3.9.9.4"
         ]
      }
   ],
   "aliases": [
      "CVE-2024-34528"
   ],
   "details": "WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.",
   "id": "PYSEC-2024-175",
   "modified": "2025-01-18T22:21:44.991242+00:00",
   "published": "2024-05-06T00:15:10+00:00",
   "references": [
      {
         "type": "REPORT",
         "url": "https://github.com/WordOps/WordOps/issues/611"
      },
      {
         "type": "WEB",
         "url": "https://github.com/WordOps/WordOps/blob/ecf20192c7853925e2cb3f8c8378cd0d86ca0d62/wo/cli/plugins/stack_pref.py#L77"
      }
   ]
}

