Tsigouris007

**Name of the Vulnerable Software and Affected Versions** AIOHTTP versions prior to 3.14.0 **Description** Using the `CookieJar.load()` function with untrusted input may allow arbitrary code execution. This issue is unlikely to affect many applications as most use this function with the user's own data. **Recommendations** Update to version 3.14.0. As a temporary workaround for older releases, sanitize files before loading if the application allows attacker-controlled files to be loaded.

**Name of the Vulnerable Software and Affected Versions** Pallets Click versions 8.3.2 and earlier **Description** A command injection issue exists in the `click.edit()` function, which allows an unprivileged account to execute arbitrary operating system commands. **Recommendations** Update to a version later than 8.3.2. As a temporary workaround, consider restricting the use of the `click.edit()` function.

**Name of the Vulnerable Software and Affected Versions** python-dotenv versions prior to 1.2.2 **Description** The `set key()` and `unset key()` functions in python-dotenv follow symbolic links when rewriting .env files. This occurs when the `rewrite()` context manager in `dotenv/main.py` writes to a temporary file in the system default directory and attempts to move it to the target location using `shutil.move()`. If the target is a symbolic link and the temporary directory is on a different filesystem, `shutil.move()` falls back to `shutil.copy2()`, which follows symbolic links by default. A local attacker with write access to the directory containing the .env file can create a crafted symlink to overwrite arbitrary files that the application process has permission to modify, potentially leading to integrity violations, denial of service, or privilege escalation. **Recommendations** Upgrade to version 1.2.2.

**Name of the Vulnerable Software and Affected Versions** jaraco.context versions prior to 6.1.0 **Description** jaraco.context, a software package providing decorators and context managers, contains a path traversal issue in the `jaraco.context.tarball()` function. The issue allows attackers to extract files outside the intended directory when processing malicious tar archives. The vulnerability arises because the `strip first component` filter incorrectly handles `../` sequences within paths, enabling traversal attacks. This is also susceptible to nested tarball attacks involving multi-level tar files. The `tarball()` function is vulnerable. **Recommendations** Update jaraco.context to version 6.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** filelock versions prior to 3.20.3 **Description** A race condition exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a timing issue between permission validation and file creation. This race condition occurs in the ` acquire()` method between `raise on not writable file()` and `os.open()`. An attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. **Recommendations** Upgrade to filelock version 3.20.3 or later.

**Name of the Vulnerable Software and Affected Versions** pyasn1 versions prior to 0.6.2 **Description** pyasn1, a generic ASN.1 library for Python, contains a denial-of-service issue. The issue stems from incorrect handling of malformed RELATIVE-OIDs with excessive continuation octets during decoding. An attacker can exploit this by providing a crafted input that causes the library to consume excessive memory, potentially leading to a denial of service. The vulnerability is triggered by the `decode` function when processing maliciously crafted ASN.1 data. The issue can affect systems utilizing pyasn1 for tasks such as LDAP servers, TLS/SSL endpoints, and OCSP responders. A proof-of-concept demonstrates the ability to exhaust memory by sending a payload with numerous continuation octets. **Recommendations** Update pyasn1 to version 0.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** virtualenv versions prior to 20.36.1 **Description** virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, Time-of-Check-Time-of-Use (TOCTOU) vulnerabilities exist in virtualenv that allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app data and lock file operations to attacker-controlled locations. The vulnerability affects the `directory creation` operations. **Recommendations** Update virtualenv to version 20.36.1 or later.