{"id":"PYSEC-2024-175","details":"WordOps through 3.20.0 has a TOCTOU (time-of-check to time-of-use) race condition in wo/cli/plugins/stack_pref.py: the os.open call on conf_path does not pass a mode parameter when it creates the file, so the file's permissions are not set explicitly at creation time. The affected range and version list in this record also cover 3.21.0 through 3.21.2, with 3.21.3 as the fixed version.","aliases":["CVE-2024-34528","GHSA-23qq-p4gq-gc2g"],"modified":"2025-01-18T22:56:51.268442Z","published":"2024-05-06T00:15:10Z","references":[{"type":"REPORT","url":"https://github.com/WordOps/WordOps/issues/611"},{"type":"WEB","url":"https://github.com/WordOps/WordOps/blob/ecf20192c7853925e2cb3f8c8378cd0d86ca0d62/wo/cli/plugins/stack_pref.py#L77"}],"affected":[{"package":{"name":"wordops","ecosystem":"PyPI","purl":"pkg:pypi/wordops"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3"}]}],"versions":["3.10.0","3.10.1","3.10.2","3.10.3","3.11.0","3.11.1","3.11.2","3.11.3","3.11.4","3.12.0","3.12.1","3.12.2","3.12.3","3.12.4","3.13.0","3.13.1","3.13.2","3.14.0","3.14.1","3.14.2","3.15.0","3.15.1","3.15.2","3.15.3","3.15.4","3.16.0","3.16.1","3.16.2","3.16.3","3.17.0","3.18.0","3.18.1","3.19.0","3.19.1","3.20.0","3.21.0","3.21.1","3.21.2","3.9.9.2","3.9.9.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/wordops/PYSEC-2024-175.yaml"}}],"schema_version":"1.7.3"}