Path Traversal Vulnerability in thefuck Package Allows Arbitrary File Deletion
CVE-2021-34363 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
Learn more about our Web Application Penetration Testing UK.