| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| logilab-common | pip | < 0.61.0 | 0.61.0 |
The vulnerability description explicitly names extract_keys_from_pdf and fill_pdf in pdf_ext.py as the vulnerable functions. Both functions interact with /tmp/toto.fdf through unsafe file operations (os.system calls with a hardcoded path), which makes them susceptible to symlink attacks. Multiple sources (CVE-2014-1838, Debian bug #737051, GitHub Advisory GHSA-rr52-wg7f-8875) confirm this root cause. The functions lack proper temporary-file handling, such as creating the file with mkstemp or refusing to write through an existing symlink.
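As an added illustration (not logilab-common's own code), the safer pattern the advisory points at: a uniquely named temporary file from mkstemp, and an exclusive, non-following open for any path that must stay fixed. The selfcheck function, its scratch directory and the dangling symlink it plants are constructed for the demonstration.

```python
import os
import stat
import tempfile


def write_private_temp(data: bytes, suffix: str = ".fdf") -> str:
    """Write data to a fresh, uniquely named 0600 file and return its path."""
    # mkstemp opens with O_CREAT|O_EXCL, so nobody can pre-plant a file or
    # symlink at a name they cannot predict (unlike a fixed /tmp/toto.fdf).
    fd, path = tempfile.mkstemp(suffix=suffix)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    except BaseException:
        os.unlink(path)
        raise
    return path


def create_exclusive(path: str, data: bytes) -> bool:
    """Create a fixed path only if nothing is there; never follow a symlink."""
    # O_EXCL alone already fails on an existing symlink (dangling or not);
    # O_NOFOLLOW is added where the platform has it.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False  # refuse rather than write through whatever is there
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return True


def selfcheck() -> dict:
    """Exercise both helpers in a scratch directory and report what happened."""
    work = tempfile.mkdtemp()
    tmp = write_private_temp(b"%FDF-1.2")
    mode = stat.S_IMODE(os.stat(tmp).st_mode)
    os.unlink(tmp)
    fixed = os.path.join(work, "fixed.fdf")
    victim = os.path.join(work, "victim")
    link = os.path.join(work, "link.fdf")
    os.symlink(victim, link)  # constructed: the precondition the advisory describes
    return {
        "temp_mode": mode,
        "first_write": create_exclusive(fixed, b"ok"),
        "second_write": create_exclusive(fixed, b"again"),
        "through_symlink": create_exclusive(link, b"x"),
        "victim_created": os.path.exists(victim),
    }
```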