Description
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
References (4)
Core 4
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-05/msg00090.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74961
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
Scores
EPSS
0.0005
EPSS Percentile
16.2%
Details
CWE
CWE-59
Status
published
Products (3)
gnu/parallel
< 20150322
opensuse/opensuse
13.1
opensuse/opensuse
13.2
Published
Jun 02, 2015
Tracked Since
Feb 18, 2026