GHSA-5pjj-7m4p-wfh2, CVE-2010-4338
pypi/ocrodjvu
Improper Link Resolution Before File Access ('Link Following')
ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.
Affected version: 0.4.6-1
Upgrade to version 0.4.6-2 or above.
2024-02-09