What is CVE-2022-36070?

CVE-2022-36070 is a high-severity vulnerability in Python-poetry Poetry, classified under Untrusted Search Path. CVSS score: 7.3/10. Published 2022-09-07.

How severe is CVE-2022-36070?

High severity. CVSS v3 base score is 7.3 out of 10.

Vulnerability in Python-poetry Poetry

CVE-2022-36070

Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path…

EPSS: 0.001 (29.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Python-poetry Poetry — versions < 1.1.9

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

References

github.com/python-poetry/poetry/releases/tag/1.1.9 (x_refsource_MISC)
github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6 (x_refsource_CONFIRM)
github.com/python-poetry/poetry/releases/tag/1.2.0b1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-36070?: CVE-2022-36070 is a high-severity vulnerability in Python-poetry Poetry, classified under Untrusted Search Path. CVSS score: 7.3/10. Published 2022-09-07.
How severe is CVE-2022-36070?: High severity. CVSS v3 base score is 7.3 out of 10.