{"id":"CVE-2021-34363","details":"The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the \"undo archive operation\" feature.","aliases":["GHSA-8wwf-2644-f8x4","PYSEC-2021-97"],"modified":"2026-05-18T05:53:33.099354109Z","published":"2021-06-10T11:15:09.357Z","database_specific":{"unresolved_ranges":[{"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"34"},{"last_affected":"35"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MEDDLBFVRUQHPYIBJ4MFM3M4NUJUXL5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YA6UNQSOY6M3NJDZLS6YJXTS4WGDMEEJ/"},{"type":"ADVISORY","url":"https://github.com/nvbn/thefuck/releases/tag/3.31"},{"type":"ADVISORY","url":"https://vuln.ryotak.me/advisories/48"},{"type":"FIX","url":"https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nvbn/thefuck","events":[{"introduced":"0"},{"fixed":"0949d2e77022ad69cc07d4b25a858a7e023503ac"},{"fixed":"e343c577cd7da4d304b837d4a07ab4df1e023092"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"3.31"}],"cpe":"cpe:2.3:a:the_fuck_project:the_fuck:*:*:*:*:*:python:*:*"}}],"versions":["3.30","3.29","3.28","3.27","3.26","3.25","3.24","3.22","3.23","3.21","3.20","3.19","3.18","3.17","3.16","3.15","3.14","3.13","3.12","3.11","3.10","3.9","3.8","3.7","3.6","3.5","3.4","3.3","3.2","3.1","3.0","2.9.1","2.9","2.8","2.7","2.6","2.5.6","2.5.4","2.5","2.4","2.3","2.2","2.1","2.0","1.49.1","1.49","1.48","1.47","1.46","1.45","1.44","1.43","1.42","1.41","1.40","1.39","1.38","1.37","1.36","1.35","1.34","1.33","1.32","1.31","1.30","1.29","1.28","1.27","1.26","1.24","1.22","1.23","1.21","1.20","1.19","1.18","1.17","1.16","1.15","1.14","1.13"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34363.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}