WEB APPLICATION VULNERABILITIES Standard & Premium

Python Untrusted Search Path Vulnerability (CVE-2008-5983)

Description

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

Remediation

References

Related Vulnerabilities

Ruby on Rails Missing Encryption of Sensitive Data Vulnerability (CVE-2010-3299)

WordPress Plugin WordPress Advanced Ticket System, Elite Support Helpdesk Cross-Site Scripting (1.0.63)

MySQL Other Vulnerability (CVE-2010-3681)

Moodle Other Vulnerability (CVE-2004-2235)

Apache HTTP Server Use of Uninitialized Resource Vulnerability (CVE-2020-1934)

Severity

Medium

Classification

CVE-2008-5983 CWE-426

Tags

Missing Update Known Vulnerabilities