Description
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
Remediation
References