Description
An untrusted search path vulnerability exists in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions. The function prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
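As an added example (not code from this advisory or from CPython), the following audit flags sys.path-style entries that resolve against the working directory, such as the empty string described above, and reports which modules there would mask a same-named module later on the path. The function names and the `helpers` module layout are hypothetical and constructed for illustration.

```python
import os
import tempfile

def risky_entries(search_path, cwd):
    """Indexes of entries that resolve against the working directory:
    the empty string, any other relative path, or the cwd itself."""
    cwd = os.path.realpath(cwd)
    return [i for i, entry in enumerate(search_path)
            if not os.path.isabs(entry) or os.path.realpath(entry) == cwd]

def module_names(directory):
    """Top-level names importable from a directory (.py files, packages)."""
    names = set()
    try:
        listing = os.listdir(directory)
    except OSError:          # missing directory, zip archive, no permission
        return names
    for name in listing:
        full = os.path.join(directory, name)
        if name.endswith(".py") and os.path.isfile(full):
            names.add(name[:-3])
        elif os.path.isfile(os.path.join(full, "__init__.py")):
            names.add(name)
    return names

def shadowed_modules(search_path, cwd):
    """(module, risky_entry, masked_entry) for each module in a risky entry
    that hides a same-named module in a later, different directory."""
    hits = []
    for i in risky_entries(search_path, cwd):
        risky_dir = os.path.realpath(os.path.join(cwd, search_path[i]))
        here = module_names(risky_dir)
        for later in search_path[i + 1:]:
            later_dir = os.path.realpath(os.path.join(cwd, later))
            if later_dir != risky_dir:
                hits += [(m, search_path[i], later)
                         for m in sorted(here & module_names(later_dir))]
    return hits

def demo():
    """Constructed layout: 'helpers' exists in both the cwd and a library dir."""
    with tempfile.TemporaryDirectory() as work, tempfile.TemporaryDirectory() as lib:
        for d in (work, lib):
            open(os.path.join(d, "helpers.py"), "w").close()
        path = ["", lib]     # leading empty string, as the description states
        return risky_entries(path, work), [h[0] for h in shadowed_modules(path, work)]

if __name__ == "__main__":
    print(demo())  # ([0], ['helpers'])
```

To audit a live interpreter, call `risky_entries(sys.path, os.getcwd())` after the embedding application has finished initializing.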
Remediation
References