Vulnerability Details CVE-2021-34363
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092
- https://github.com/nvbn/thefuck/releases/tag/3.31
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MEDDLBFVRUQHPYIBJ4MFM3M4NUJUXL5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YA6UNQSOY6M3NJDZLS6YJXTS4WGDMEEJ/
- https://vuln.ryotak.me/advisories/48
- https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092
- https://github.com/nvbn/thefuck/releases/tag/3.31
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MEDDLBFVRUQHPYIBJ4MFM3M4NUJUXL5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YA6UNQSOY6M3NJDZLS6YJXTS4WGDMEEJ/
- https://vuln.ryotak.me/advisories/48
Products affected by CVE-2021-34363
-
cpe:2.3:a:the_fuck_project:the_fuck:*
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35