{"id":"CVE-2024-34528","details":"WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.","aliases":["GHSA-23qq-p4gq-gc2g","PYSEC-2024-175"],"modified":"2026-03-14T12:33:48.540777Z","published":"2024-05-06T00:15:10.263Z","references":[{"type":"WEB","url":"https://github.com/WordOps/WordOps/blob/ecf20192c7853925e2cb3f8c8378cd0d86ca0d62/wo/cli/plugins/stack_pref.py#L77"},{"type":"REPORT","url":"https://github.com/WordOps/WordOps/issues/611"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/WordOps/WordOps","events":[{"introduced":"0"},{"last_affected":"f7f0aa9cde92812be44eded0ccccaa1a5b68cd49"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.20.0"}]}}],"versions":["v3.10.0","v3.10.1","v3.10.2","v3.10.3","v3.11.0","v3.11.1","v3.11.2","v3.11.3","v3.11.4","v3.12.0","v3.12.1","v3.12.2","v3.12.3","v3.12.4","v3.13.0","v3.13.1","v3.13.2","v3.14.0","v3.14.1","v3.14.2","v3.15.0","v3.15.1","v3.15.2","v3.15.3","v3.15.4","v3.16.0","v3.16.1","v3.16.2","v3.16.3","v3.17.0","v3.18.0","v3.18.1","v3.19.0","v3.19.1","v3.20.0","v3.9.3","v3.9.4","v3.9.5","v3.9.5.2","v3.9.5.3","v3.9.5.4","v3.9.6","v3.9.6.1","v3.9.6.2","v3.9.7","v3.9.7.1","v3.9.7.2","v3.9.8","v3.9.8.1","v3.9.8.10","v3.9.8.11","v3.9.8.12","v3.9.8.2","v3.9.8.3","v3.9.8.4","v3.9.8.5","v3.9.8.6","v3.9.8.7","v3.9.8.8","v3.9.8.9","v3.9.9","v3.9.9.1","v3.9.9.2","v3.9.9.3","v3.9.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34528.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}