{"id":"PYSEC-2020-175","details":"In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).","aliases":["CVE-2019-16784","GHSA-7fcj-pq9j-wh2r"],"modified":"2023-11-08T04:01:21.579285Z","published":"2020-01-14T20:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r"}],"affected":[{"package":{"name":"pyinstaller","ecosystem":"PyPI","purl":"pkg:pypi/pyinstaller"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6"}]}],"versions":["1.5","1.5.1","2.0","2.1","3.0","3.1","3.1.1","3.2","3.2.1","3.3","3.3.1","3.4","3.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pyinstaller/PYSEC-2020-175.yaml"}}],"schema_version":"1.7.3"}