PT-2019-6939 · Scipy · Scipy

Marcus Meissner

Published

2013-11-20

Updated

2022-05-05

CVE-2013-4251

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SciPy versions prior to 0.12.1

Description The issue concerns the creation of insecure temporary directories by the scipy.weave component in SciPy. This could potentially lead to security issues, although specific details about exploitation or affected devices are not provided.

Recommendations For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the scipy.weave component until the update is applied.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2013-4251

DLA-26-1

GHSA-XP76-357G-9WQQ

MGASA-2013-0330

PYSEC-2019-156

Affected Products

Scipy

PT-2019-6939 · Scipy · Scipy

CVE-2013-4251

Weakness Enumeration

Related Identifiers

Affected Products

References · 23