CVE-2021-34363

Name: CVE-2021-34363
Description: The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 989989

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
thefuck (PTS) | stretch | 3.11-2.1~deb9u1 | vulnerable
 | buster | 3.11-2.1 | vulnerable
 | bookworm, sid, bullseye | 3.29-0.3 | fixed

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
thefuck | source | (unstable) | 3.29-0.3 | | | 989989

Notes

[buster] - thefuck <no-dsa> (Minor issue)
[stretch] - thefuck <no-dsa> (Minor issue)
https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31)
https://github.com/nvbn/thefuck/pull/1206
