CVE-2023-46277 Information

Description

please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled this cannot be exploited.)

Reference

https://gitlab.com/edneville/please/-/merge_requests/69#note_1594254575 https://gitlab.com/edneville/please/-/issues/13 https://rustsec.org/advisories/RUSTSEC-2023-0066.html https://github.com/rustsec/advisory-db/pull/1798