CVE-2011-2765: Pyro mishandles pid files in temporary directory locations and opening the pid file as root
(updated )
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
References
- bugs.debian.org/631912
- github.com/advisories/GHSA-xrr4-74mc-rpjc
- github.com/irmen/Pyro3
- github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e
- github.com/pypa/advisory-database/tree/main/vulns/pyro/PYSEC-2018-99.yaml
- nvd.nist.gov/vuln/detail/CVE-2011-2765
- pythonhosted.org/Pyro/12-changes.html
Code Behaviors & Features
Detect and mitigate CVE-2011-2765 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →