Moderate severity · NVD Advisory · Published Jul 27, 2011 · Updated Jun 16, 2026
CVE-2011-2185
Description
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| fabric (PyPI) | < 1.1.0 | 1.1.0 |
Affected products
- cpe:2.3:a:fabfile:fabric:*:*:*:*:*:*:*:* (range: <=1.0.2)
- cpe:2.3:a:fabfile:fabric:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:fabfile:fabric:1.0.1:*:*:*:*:*:*:*
References
- code.fabfile.org/projects/fabric/files/Fabric-1.1.0.tar.gz (nvd, Patch, WEB)
- github.com/advisories/GHSA-xwg2-qc6c-7c3q (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-2185 (ghsa, ADVISORY)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd, WEB)
- lists.fedoraproject.org/pipermail/package-announce/2011-July/062534.html (nvd, WEB)
- www.openwall.com/lists/oss-security/2011/06/03/5 (nvd, WEB)
- www.openwall.com/lists/oss-security/2011/06/06/12 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/fabric/fabric/commit/3445b5653cd297039443110548fb3cab2e8e25af (ghsa, WEB)
- github.com/fabric/fabric/commit/d7470d2db919ffcee80c245cf87e6d8d4ba6909c (ghsa, WEB)