Description
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
Remediation
References