pleaser (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package pleaser, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2021-31154 — CVSS 7.8 (high): pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain…
CVE-2021-31155 — CVSS 7.8 (high): Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at…
CVE-2023-46277 — CVSS 7.8 (high): please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX…
CVE-2021-31153 — CVSS 3.3 (low): please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged…