Path Traversal Vulnerability in thefuck Package Allows Arbitrary File Deletion

Path Traversal Vulnerability in thefuck Package Allows Arbitrary File Deletion

CVE-2021-34363 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.

Learn more about our Web Application Penetration Testing UK.