CVE-2014-1938: Link Following in rply
(updated )
python-rply before 0.7.4 insecurely creates temporary files.
References
- bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627
- github.com/advisories/GHSA-m8qc-mf6p-pfq9
- github.com/alex/rply
- github.com/alex/rply/commit/76d268a38c627bf4aebebcd064f5b6d380eb8b20
- github.com/alex/rply/issues/42
- github.com/pypa/advisory-database/tree/main/vulns/rply/PYSEC-2019-202.yaml
- nvd.nist.gov/vuln/detail/CVE-2014-1938
- security-tracker.debian.org/tracker/CVE-2014-1938
Code Behaviors & Features
Detect and mitigate CVE-2014-1938 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →