2.1

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2014-1604

GHSA ID

GHSA-9gcf-pq99-rjw3

EPSS Score

0.22982%

CWE

CWE-377

Published

5/17/2022

Updated

10/21/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2014-1604

CVE-2014-1604: RPLY Predictable Tmpfile Names Allows Cache Spoofing

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2014-1604

CVE-2014-1604:

2.1

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2014-1604

GHSA ID

GHSA-9gcf-pq99-rjw3

EPSS Score

0.22982%

CWE

CWE-377

Published

5/17/2022

Updated

10/21/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
RPLY	pip	< 0.7.1	0.7.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from two key issues in the build method:

Predictable cache filenames were generated using only version, cache_id and grammar hash, without user isolation (missing os.getuid())
Insecure file handling:
- Used basic open() instead of atomic os.open() with O_EXCL
- No validation of file ownership/strict permissions before loading cached data

The commit fc9bbcd explicitly adds:

User ID to filename template
File ownership checks via os.fstat()
Secure file creation with os.O_EXCL
Strict 0600 permissions These changes directly address the vulnerable patterns in the original build method implementation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

2.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2014-1604: RPLY Predictable Tmpfile Names Allows Cache Spoofing

CVE-2014-1604:

2.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2014-1604: RPLY Predictable Tmpfile Names Allows Cache Spoofing

Technical Details

Basic Information

Basic Information

2.1

2.1

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI