PT-2022-17711 · Poetry · Poetry

Paul Gerste · Published 2022-03-21 · Updated 2023-10-24 · CVE-2022-26184

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Poetry versions 1.1.9 and below

Description

Poetry uses an untrusted search path, which causes the application to behave in unexpected ways when a user executes Poetry commands in a directory containing malicious content. The issue occurs when Poetry is run on Windows.

Recommendations

If you run Poetry 1.1.9 or below, update to a version above 1.1.9 to resolve the issue. As a temporary workaround, consider avoiding the execution of Poetry commands in directories that may contain malicious content.

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2022-26184
GHSA-XR2C-5W89-63PV
PYSEC-2022-234

Affected Products

Poetry