CVE-2014-1938: Link Following in rply

March 11, 2020 (updated October 26, 2024)

python-rply before 0.7.4 insecurely creates temporary files.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627
github.com/advisories/GHSA-m8qc-mf6p-pfq9
github.com/alex/rply
github.com/alex/rply/commit/76d268a38c627bf4aebebcd064f5b6d380eb8b20
github.com/alex/rply/issues/42
github.com/pypa/advisory-database/tree/main/vulns/rply/PYSEC-2019-202.yaml
nvd.nist.gov/vuln/detail/CVE-2014-1938
security-tracker.debian.org/tracker/CVE-2014-1938

Detect and mitigate CVE-2014-1938 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →