
WordOps has TOCTOU race condition

Moderate severity GitHub Reviewed Published May 6, 2024 to the GitHub Advisory Database • Updated May 6, 2024

Package

wordops (pip)

Affected versions

<= 3.20.0

Patched versions

None

Description

WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.
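The creation pattern the description refers to, shown beside a hardened form, as an added example that is not WordOps code. Function names, file names and file contents are constructed for illustration, and POSIX permission semantics are assumed.

```python
import os
import stat
import tempfile

SAMPLE = "constructed = sample\n"  # constructed placeholder content


def create_default_mode(path):
    """os.open with O_CREAT and no mode argument, as in the advisory text."""
    # Python's default mode is 0o777, so the file is created with
    # 0o777 & ~umask; any tightening has to happen in a later, separate step.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT)
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    return stat.S_IMODE(os.stat(path).st_mode)


def create_private(path):
    """Restrictive permissions applied atomically at creation time."""
    # O_EXCL makes the call fail if the path already exists, including
    # when it is a symlink, so a pre-created file is never reused.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo(umask=0o022):
    """Return (mode without explicit mode, mode with 0o600) under a umask."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = create_default_mode(os.path.join(d, "default.conf"))
            strong = create_private(os.path.join(d, "private.conf"))
            return weak, strong
    finally:
        os.umask(old)  # restore the caller's umask


if __name__ == "__main__":
    weak, strong = demo()
    print(f"no mode argument: {oct(weak)}  explicit 0o600: {oct(strong)}")
```

Without the mode argument the resulting permissions depend entirely on the process umask; with an explicit `0o600` the file is never readable by group or other, even momentarily.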

References

Published by the National Vulnerability Database May 6, 2024
Published to the GitHub Advisory Database May 6, 2024
Reviewed May 6, 2024
Last updated May 6, 2024

Severity

Moderate

Weaknesses

No CWEs

CVE ID

CVE-2024-34528

GHSA ID

GHSA-23qq-p4gq-gc2g
