logilab-common
PyPI2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting logilab-commonpage 1 of 1
- CVE-2014-1838NONECVSS 0.0EG 0.0✓ Fixed in 0.60.12014-03-11
vulnerable: 0.28.1 ... 0.60.0 (33 versions)
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
- CVE-2014-1839NONECVSS 0.0EG 0.0✓ Fixed in 0.60.12014-03-11
vulnerable: 0.28.1 ... 0.60.0 (33 versions)
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.
Check whether logilab-common is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for logilab-common CVEs against the assets you own.
Start Free Scan →