Vulnerability Description
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Fuck Project | The Fuck | < 3.31 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (Patch, Third Party Advisory)
- https://github.com/nvbn/thefuck/releases/tag/3.31 (Release Notes, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://vuln.ryotak.me/advisories/48 (Third Party Advisory)
FAQ
What is CVE-2021-34363?
CVE-2021-34363 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
How severe is CVE-2021-34363?
CVE-2021-34363 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-34363?
Check the references section above for vendor advisories and patch information. Affected products include: The Fuck (The Fuck Project) and Fedora (Fedoraproject).