{"id":"PYSEC-2018-99","details":"pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.","aliases":["CVE-2011-2765","GHSA-xrr4-74mc-rpjc"],"modified":"2023-11-08T03:57:00.374823Z","published":"2018-08-20T13:29:00Z","references":[{"type":"WEB","url":"https://pythonhosted.org/Pyro/12-changes.html"},{"type":"FIX","url":"https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e"},{"type":"WEB","url":"https://bugs.debian.org/631912"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-xrr4-74mc-rpjc"}],"affected":[{"package":{"name":"pyro","ecosystem":"PyPI","purl":"pkg:pypi/pyro"},"ranges":[{"type":"GIT","repo":"https://github.com/irmen/Pyro3","events":[{"introduced":"0"},{"fixed":"554e095a62c4412c91f981e72fd34a936ac2bf1e"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.15"}]}],"versions":["3.10","3.11","3.12","3.13","3.14","3.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pyro/PYSEC-2018-99.yaml"}}],"schema_version":"1.7.3"}