CVE-2021-31154

Published May 27th, 2021

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

7.2

HIGH

Affected

PROJECT

Description

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.

edneville/please

please, sudo like program with regex support written in rust

GitLab