High severity7.7OSV Advisory· Published May 6, 2024· Updated Apr 15, 2026
CVE-2024-34528
CVE-2024-34528
Description
WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wordopsPyPI | < 3.21.0 | 3.21.0 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-23qq-p4gq-gc2gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-34528ghsaADVISORY
- github.com/WordOps/WordOps/blob/ecf20192c7853925e2cb3f8c8378cd0d86ca0d62/wo/cli/plugins/stack_pref.pynvdWEB
- github.com/WordOps/WordOps/commit/31353f0fef14ad8bc1f61c028971bd30b9e1909bghsaWEB
- github.com/WordOps/WordOps/issues/611nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/wordops/PYSEC-2024-175.yamlghsaWEB
News mentions
0No linked articles in our index yet.