CVE-2022-35861

Name of the Vulnerable Software and Affected Versions pyenv versions 1.2.24 through 2.3.2

Description The issue allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version, thus allowing relative path traversal to occur.

Recommendations For pyenv versions 1.2.24 through 2.3.2, consider disabling the execution of shims based on version strings from .python-version files until a patch is available. Restrict access to the .python-version file to minimize the risk of exploitation. Avoid using crafted Python version strings in .python-version files to prevent relative path traversal.