CVE-2022-26184

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
2
PROJECTS

Description

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

python-poetry/poetry
python-poetry/poetry
Python packaging and dependency management made easy
GitHubGitHub
34.3K
python-poetry/poetry-core
python-poetry/poetry-core
Poetry PEP 517 Build Backend & Core Utilities
GitHubGitHub
479