—
PYSEC-2026-622
Cheetah Path Search Order Hijacking
상세
Cheetah 0.9.15 and 0.9.16 searches the `/tmp` directory for modules before using the paths in the `PYTHONPATH` variable, which allows local users to execute arbitrary code via a malicious module in `/tmp/`.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / cheetah
최초 영향 버전:
0.9.15 No fixed version published yet for cheetah (pip). Pin to a known-safe version or switch to an alternative.
참고
- https://nvd.nist.gov/vuln/detail/CVE-2005-1632 [ADVISORY]
- https://github.com/cheetahtemplate/cheetah [PACKAGE]
- https://web.archive.org/web/20050430021153/http://sourceforge.net/mailarchive/forum.php?thread_id=7070332&forum_id=1542 [WEB]
- https://pypi.org/project/cheetah [PACKAGE]
- https://github.com/advisories/GHSA-vxf2-7rc3-pxmx [ADVISORY]