{"id":"CVE-2022-26184","details":"Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS.","aliases":["GHSA-xr2c-5w89-63pv","PYSEC-2022-234"],"modified":"2026-03-14T11:29:44.123391Z","published":"2022-03-21T22:15:08.030Z","references":[{"type":"ADVISORY","url":"https://github.com/python-poetry/poetry/releases/tag/1.1.9"},{"type":"FIX","url":"https://github.com/python-poetry/poetry-core/pull/205/commits/fa9cb6f358ae840885c700f954317f34838caba7"},{"type":"ARTICLE","url":"https://www.sonarsource.com/blog/securing-developer-tools-package-managers/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python-poetry/poetry","events":[{"introduced":"0"},{"last_affected":"69bd6820e320f84900103fdf867e24b355d6aa5d"},{"fixed":"69bd6820e320f84900103fdf867e24b355d6aa5d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.9"}]}}],"versions":["0.1.0","0.10.0","0.10.1","0.10.2","0.10.3","0.11.0","0.11.1","0.11.2","0.11.3","0.11.4","0.11.5","0.12.0","0.12.0a0","0.12.0a1","0.12.0a2","0.12.0a3","0.12.0a4","0.12.0a5","0.12.1","0.12.10","0.12.11","0.12.12","0.12.13","0.12.14","0.12.15","0.12.16","0.12.17","0.12.2","0.12.3","0.12.4","0.12.5","0.12.6","0.12.7","0.12.8","0.12.9","0.2.0","0.3.0","0.4.0","0.4.1","0.4.2","0.5.0","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.6.5","0.7.0","0.7.1","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.9.0","0.9.1","1.0.0","1.0.0a0","1.0.0a1","1.0.0a2","1.0.0a3","1.0.0a4","1.0.0a5","1.0.0b1","1.0.0b2","1.0.0b3","1.0.0b4","1.0.0b5","1.0.0b6","1.0.0b7","1.0.0b8","1.0.0b9","1.0.1","1.0.10","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.0a1","1.1.0a2","1.1.0a3","1.1.0b1","1.1.0b2","1.1.0b3","1.1.0b4","1.1.0rc1","1.1.2","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8"],"d
atabase_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26184.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}