[New-bugs-announce] [issue35278] directory traversal in tempfile prefix

Yusuke Endoh report at bugs.python.org
Mon Nov 19 07:46:03 EST 2018

New submission from Yusuke Endoh <y.endoh at gmail.com>:


The tempfile library does not check the prefix argument, which can be exploited to create files outside tmpdir by using directory traversal.

>>> import tempfile
>>> tempfile.gettempprefix()
>>> f = tempfile.NamedTemporaryFile(prefix="/home/mame/cracked")
>>> f.name

The same issue was found and treated as a vulnerability in PHP (CVE-2006-1494) and Ruby (CVE-2018-6914).

I first reported this issue to security at python.org in July 2018. Some people kindly discussed it, and finally I was told to create a ticket here.

components: Library (Lib)
messages: 330097
nosy: Yusuke Endoh
priority: normal
severity: normal
status: open
title: directory traversal in tempfile prefix
type: security
versions: Python 3.8

Python tracker <report at bugs.python.org>
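
The behaviour in the report, next to one way a caller can guard against it. This is an added example, not part of the original report and not CPython code: `check_affix` and `safe_named_tempfile` are hypothetical helper names, and the scratch directories are constructed stand-ins for tmpdir and /home/mame.

```python
import os
import tempfile


def check_affix(value, kind):
    """Accept only a bare file-name fragment (str): no separators, drive or NUL."""
    if value is None:
        return
    if ("\x00" in value or os.path.basename(value) != value
            or os.path.splitdrive(value)[0]):
        raise ValueError(f"{kind} must not contain path components: {value!r}")


def safe_named_tempfile(prefix=None, suffix=None, dir=None, **kwargs):
    """Hypothetical wrapper: validate the affixes, then confirm containment."""
    check_affix(prefix, "prefix")
    check_affix(suffix, "suffix")
    base = os.path.realpath(dir or tempfile.gettempdir())
    f = tempfile.NamedTemporaryFile(prefix=prefix, suffix=suffix, dir=base, **kwargs)
    # Defence in depth: the file must sit directly inside the requested directory.
    if os.path.dirname(os.path.realpath(f.name)) != base:
        f.close()
        raise ValueError(f"temporary file escaped {base!r}: {f.name!r}")
    return f


def demo():
    """Compare stock tempfile with the wrapper, using constructed scratch dirs."""
    with tempfile.TemporaryDirectory() as root:
        tmpdir = os.path.join(root, "tmp")          # stands in for tmpdir
        outside = os.path.join(root, "outside")     # stands in for /home/mame
        os.mkdir(tmpdir)
        os.mkdir(outside)
        hostile = os.path.join(outside, "cracked")  # absolute path used as prefix

        # Stock behaviour from the report: os.path.join drops dir= here.
        with tempfile.NamedTemporaryFile(prefix=hostile, dir=tmpdir) as f:
            escaped = os.path.dirname(f.name) == outside

        try:
            safe_named_tempfile(prefix=hostile, dir=tmpdir).close()
            rejected = False
        except ValueError:
            rejected = True

        with safe_named_tempfile(prefix="report-", dir=tmpdir) as f:
            contained = os.path.dirname(f.name) == os.path.realpath(tmpdir)
        return escaped, rejected, contained
```

`demo()` returns `(escaped, rejected, contained)`: whether stock `NamedTemporaryFile` placed the file outside `dir`, whether the wrapper refused the same prefix, and whether a plain prefix stayed inside `dir`.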
