How severe is CVE-2024-3220?

This vulnerability has a severity rating of LOW with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-3220?

This is classified as CWE-426, which is a common weakness in software security.

CVE-2024-3220 - LOW Severity | CVSS N/A

Vulnerability Description

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”). To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.

Related Vulnerabilities

CVE-2011-4125

CRITICAL

CVSS:9.8(Critical)

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

CWE-4262011

CVE-2017-12414

CRITICAL

CVSS:9.8(Critical)

Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.

CWE-4262017

CVE-2017-2225

CRITICAL

CVSS:9.8(Critical)

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CWE-4262017

CVE-2018-19486

CRITICAL

CVSS:9.8(Critical)

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, becaus...

CWE-4262018

CVE-2020-15801

CRITICAL

CVSS:9.8(Critical)

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) ...

CWE-4262020

CVE-2022-26184

CRITICAL

CVSS:9.8(Critical)

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malici...

CWE-4262022