Homepage

pyinstaller@5.9.0 vulnerabilities

PyInstaller bundles a Python application and all its dependencies into a single package.

  • latest version

    6.13.0

  • latest non vulnerable version

    6.13.0

  • first published

    12 years ago

  • latest version published

    6 days ago

  • licenses detected

  • View pyinstaller package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the pyinstaller package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Execution with Unnecessary Privileges

    pyinstaller is a package that bundles a Python application and all its dependencies into a single package

    Affected versions of this package are vulnerable to Execution with Unnecessary Privileges. When the tempfile.mkdtemp function is used, it creates a temporary directory that should only be accessible by the creating user ID. However, on Windows systems, the 0o700 POSIX permissions mask has no effect, leading to potential security issues. An attacker with local access can interfere with the application by modifying the contents of the temporary directory if it is located in a system-wide location and the application is running in privileged mode with developer mode enabled. This is only exploitable if the temporary directory base is relocated to a system-wide location (e.g., c:\temp) and developer mode is enabled on the system.

    How to fix Execution with Unnecessary Privileges?

    Upgrade pyinstaller to version 5.13.1 or higher.

    [,5.13.1)
    Go back to all versions of this package