[CVE-2023-6597] tempfile.TemporaryDirectory dereferences symlinks during cleanup
![](https://secure.gravatar.com/avatar/f96e020357b4a421390564f722b130b2.jpg?s=120&d=mm&r=g)
19 Mar
2024
19 Mar
'24
7:10 p.m.
An issue was found in the CPython tempfile.TemporaryDirectory
class
affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
*References*
94
Age (days ago)
94
Last active (days ago)
0 comments
1 participants
participants (1)
-
Ee Durbin