[New-bugs-announce] [issue35278] directory traversal in tempfile prefix
report at bugs.python.org
Mon Nov 19 07:46:03 EST 2018
New submission from Yusuke Endoh <y.endoh at gmail.com>:
The tempfile library does not check the prefix argument, which can be exploited to create files outside tmpdir by using directory traversal.
>>> import tempfile
>>> f = tempfile.NamedTemporaryFile(prefix="/home/mame/cracked")
The same issue was found and treated as a vulnerability in PHP (CVE-2006-1494) and Ruby (CVE-2018-6914).
I first reported this issue to security at python.org at July 2018. Some people kindly discussed it, and finally I was told to create a ticket here.
components: Library (Lib)
nosy: Yusuke Endoh
title: directory traversal in tempfile prefix
versions: Python 3.8
Python tracker <report at bugs.python.org>
More information about the New-bugs-announce