CVE-2021-34363 — Path Traversal in Fuck Project THE Fuck

CWE-22 — Path Traversal5 documents4 sources

Severity

9.1CRITICALNVD

EPSS

1.1%

top 21.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

THE Fuck Project THE Fuck Debian Thefuck Fedoraproject Fedora

Timeline

PublishedJun 10

Latest updateJun 15

Description

The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶debiandebian/thefuck< thefuck 3.29-0.3 (bookworm)

▶NVDthe_fuck_project/the_fuck< 3.31

Also affects: Fedora 34, 35

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

3

OSV

The Fuck Arbitrary File Deletion via Path Traversal↗2021-06-15

▶

GHSA

The Fuck Arbitrary File Deletion via Path Traversal↗2021-06-15

▶

OSV

CVE-2021-34363: The thefuck (aka The Fuck) package before 3↗2021-06-10

▶

📋Vendor Advisories

1

Debian

CVE-2021-34363: thefuck - The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal ...↗2021

▶

CVE-2021-34363 — Path Traversal | cvebase