CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS
Percentile: 59.0%

Severity: Medium
Date : 2021-06-15
CVE-ID : CVE-2021-34363
Package : thefuck
Type : arbitrary file overwrite
Remote : No
Link : https://security.archlinux.org/AVG-2062
The package thefuck before version 3.31-1 is vulnerable to arbitrary
file overwrite.
Upgrade to 3.31-1.
The problem has been fixed upstream in version 3.31.
Workaround: None.
The thefuck package before 3.31 allows path traversal that leads to
arbitrary file deletion via the “undo archive operation” feature.
An attacker could delete arbitrary files by tricking a user into using the
“undo archive operation” feature on a crafted archive file.
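
The containment check that an undo step of this kind needs, shown as an added example (not code from thefuck or from the advisory). The function names are hypothetical and zip is assumed as the archive format; the archive and files in `demo()` are constructed.

```python
import os
import tempfile
import zipfile


def members_safe_to_remove(member_names, base_dir):
    """Return absolute paths of members that resolve inside base_dir."""
    base = os.path.realpath(base_dir)
    safe = []
    for name in member_names:
        # realpath collapses ".." segments and follows symlinks already on disk
        target = os.path.realpath(os.path.join(base, name))
        # commonpath compares whole components, so "/w/dir-evil" does not
        # pass as being inside "/w/dir" the way a bare startswith() would
        if target != base and os.path.commonpath([base, target]) == base:
            safe.append(target)
    return safe


def undo_extract(archive_path, base_dir):
    """Delete only the files a zip archive could have created under base_dir."""
    with zipfile.ZipFile(archive_path) as archive:
        candidates = members_safe_to_remove(archive.namelist(), base_dir)
    removed = [p for p in candidates if os.path.isfile(p)]
    for path in removed:
        os.remove(path)
    return removed


def demo():
    """Constructed scenario: one honest member, one traversal member."""
    with tempfile.TemporaryDirectory() as root:
        work = os.path.join(root, "work")
        os.mkdir(work)
        victim = os.path.join(root, "victim.txt")  # outside work/
        for path in (victim, os.path.join(work, "notes.txt")):
            with open(path, "w") as fh:
                fh.write("data")
        crafted = os.path.join(root, "crafted.zip")
        with zipfile.ZipFile(crafted, "w") as archive:
            archive.writestr("notes.txt", "data")
            archive.writestr("../victim.txt", "data")
        removed = undo_extract(crafted, work)
        return [os.path.basename(p) for p in removed], os.path.exists(victim)


if __name__ == "__main__":
    print(demo())
```

Member names that are absolute, or that climb out of the directory with `..`, are skipped rather than deleted.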
https://vuln.ryotak.me/advisories/48
https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092
https://security.archlinux.org/CVE-2021-34363