CVE-2024-48990

Published November 19th, 2024

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.

liske/needrestart

Restart daemons after library updates.

GitHub

509