{"id":"GHSA-8wwf-2644-f8x4","summary":"The Fuck Arbitrary File Deletion via Path Traversal","details":"thefuck (aka _The Fuck_) is an app that corrects errors in previous console commands. The _The Fuck_ Python package before 3.31 allows Path Traversal that leads to arbitrary file deletion via the `undo archive operation` feature. Upgrade to version 3.31 or later to get the fix.","aliases":["CVE-2021-34363","PYSEC-2021-97"],"modified":"2024-11-13T23:23:21.007345Z","published":"2021-06-15T15:49:01Z","database_specific":{"nvd_published_at":"2021-06-10T11:15:00Z","github_reviewed":true,"cwe_ids":["CWE-22"],"severity":"HIGH","github_reviewed_at":"2021-06-14T19:25:06Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-34363"},{"type":"WEB","url":"https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092"},{"type":"PACKAGE","url":"https://github.com/nvbn/thefuck"},{"type":"WEB","url":"https://github.com/nvbn/thefuck/releases/tag/3.31"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/thefuck/PYSEC-2021-97.yaml"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MEDDLBFVRUQHPYIBJ4MFM3M4NUJUXL5"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YA6UNQSOY6M3NJDZLS6YJXTS4WGDMEEJ"},{"type":"WEB","url":"https://vuln.ryotak.me/advisories/48"}],"affected":[{"package":{"name":"thefuck","ecosystem":"PyPI","purl":"pkg:pypi/thefuck"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.31"}]}],"versions":["0.1","1","1.0","1.1","1.11","1.12","1.13","1.14","1.15","1.16","1.17","1.18","1.19","1.2","1.20","1.21","1.22","1.23","1.26","1.27","1.28","1.29","1.3","1.30","1.31","1.32","1.33","1.34","1.35","1.36","1.37","1.38","1.39","1.4","1.40","1.41","1.42","1.43","1.44","1.45","1.46","1.47","1.48","1.49","1.49.1","1.5","1.6","1.7","1.8","1.9","1dev","2.0","2.1","2.2","2.3","2.4","2.5","2.5.1","2.5.2","2.5.3"
,"2.5.4","2.5.5","2.5.6","2.6","2.7","2.8","2.9","2.9.1","3.0","3.1","3.10","3.11","3.12","3.13","3.14","3.15","3.16","3.17","3.18","3.19","3.2","3.20","3.21","3.22","3.23","3.24","3.25","3.26","3.27","3.28","3.29","3.3","3.30","3.4","3.5","3.6","3.7","3.8","3.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-8wwf-2644-f8x4/GHSA-8wwf-2644-f8x4.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"}]}