Vulnerability CVE-2024-34528
Published: 2024-05-06

Description:
WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.

 References:
https://github.com/WordOps/WordOps/issues/611
https://github.com/WordOps/WordOps/blob/ecf20192c7853925e2cb3f8c8378cd0d86ca0d62/wo/cli/plugins/stack_pref.py#L77
Copyright 2024, cxsecurity.com

 

Back to Top