VYPR

crates.io package

pleaser

pkg:cargo/pleaser

Vulnerabilities (4)

  • CVE-2023-46277 (Oct 20, 2023)
    affected <= 0.5.4

    please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)

  • CVE-2021-31155 (May 27, 2021)
    affected < 0.4.0, fixed 0.4.0

    Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.

  • CVE-2021-31154 (May 27, 2021)
    affected < 0.4.0, fixed 0.4.0

    pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.

  • CVE-2021-31153 (May 27, 2021)
    affected < 0.4.0, fixed 0.4.0

    please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.