{"id":"PYSEC-2014-84","details":"The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.","aliases":["CVE-2014-1839","GHSA-g5m2-22h2-rr3j"],"modified":"2023-11-08T03:57:35.247390Z","published":"2014-03-11T19:37:00Z","references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html"},{"type":"WEB","url":"http://www.logilab.org/ticket/207562"},{"type":"ADVISORY","url":"http://secunia.com/advisories/57209"},{"type":"WEB","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051"},{"type":"WEB","url":"http://comments.gmane.org/gmane.comp.security.oss.general/11986"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-g5m2-22h2-rr3j"}],"affected":[{"package":{"name":"logilab-common","ecosystem":"PyPI","purl":"pkg:pypi/logilab-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.60.1"}]}],"versions":["0.28.1","0.38.0","0.38.1","0.39.0","0.43.0","0.44.0","0.46.0","0.46.1","0.47.0","0.48.1","0.49.0","0.50.0","0.50.1","0.50.2","0.50.3","0.51.0","0.51.1","0.52.0","0.52.1","0.53.0","0.54.0","0.55.0","0.55.2","0.56.0","0.56.1","0.56.2","0.57.0","0.57.1","0.58.1","0.58.3","0.59.0","0.59.1","0.60.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/logilab-common/PYSEC-2014-84.yaml"}}],"schema_version":"1.7.3"}