CVE-2022-35861: 
Homebrew vulnerability analysis and mitigation

pyenv versions 1.2.24 through 2.3.2 contain a local privilege escalation vulnerability through the .python-version file in the current working directory. The vulnerability allows local users to gain elevated privileges by crafting a malicious Python version string in the .python-version file (NVD).

The vulnerability stems from insufficient validation of version strings in .python-version files. When pyenv processes these files, it uses the version string to construct the path to command shims without properly validating whether the specified version is legitimate. This oversight enables relative path traversal attacks through carefully crafted version strings (NVD). The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability allows attackers to execute shims under their control, potentially leading to privilege escalation on the affected system. The vulnerability affects local users who can create or modify .python-version files, potentially compromising system security (NVD).

The vulnerability has been patched in the pyenv codebase. The fix includes additional validation of version strings to prevent path traversal attacks by skipping dubious values that contain path separators or relative path components. The patch was implemented in commit 22fa683 (Pyenv Patch).