Advisory #48
TitleThe Fuck arbitrary file deletion via path traversal
CVE IDCVE-2021-34363
VendorThe Fuck Maintainers
Affected productThe Fuck
Affected versions- 3.30
Vulnerability typeCWE-22 (Path Traversal)
DescriptionThe Fuck (aka thefuck) has a vulnerability that allows an attacker to delete arbitrary file on the system via path traversal in "undo archive operation" feature.
StatusFixed in 3.31
RecommendationUpdate to 3.31 or above.