{"id":"PYSEC-2018-86","details":"Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.","aliases":["CVE-2018-1002150","GHSA-6mww-xvh7-fq4f"],"modified":"2023-11-08T03:59:42.097646Z","published":"2018-04-04T20:29:00Z","references":[{"type":"WEB","url":"https://pagure.io/koji/issue/850"},{"type":"WEB","url":"https://docs.pagure.org/koji/CVE-2018-1002150/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-6mww-xvh7-fq4f"}],"affected":[{"package":{"name":"koji","ecosystem":"PyPI","purl":"pkg:pypi/koji"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.15.1"}]}],"versions":["1.15.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/koji/PYSEC-2018-86.yaml"}}],"schema_version":"1.7.3"}