CVE-2024-34528
HIGH
WordOps < 3.21.0 - Time-of-check Time-of-use Race Condition in Stack Pref Plugin
WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.
References (2)
Core References
Various Sources
https://github.com/WordOps/WordOps/blob/ecf20192c7853925e2cb3f8c8378cd0d86ca0d62/wo/cli/plugins/stack_pref.py#L77
Issue Tracking
https://github.com/WordOps/WordOps/issues/611
Scores
CVSS v3
7.7
EPSS
0.0003
EPSS Percentile
8.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-367
Status
published
Products (1)
pypi/wordops
0 - 3.21.0 (PyPI)
Published
May 06, 2024
Tracked Since
Feb 18, 2026