| Título | erdogant pypickle 1.1.5 File Overwrite Vulnerability |
|---|
| Descripción | Title - File Overwrite Vulnerability in save () function in pypickle.py
Description
The save() function in the pypickle.py module has a vulnerability that allows unintended file overwrites, leading to potential data loss or security risks. This issue occurs when the overwrite parameter is set to True, but there is insufficient validation on the file path, which could lead to overwriting critical files or unauthorized locations on the filesystem.
Affected Component
Path: https://github.com/erdogant/pypickle/blob/master/pypickle/pypickle.py
File: pypickle.py
Function: save()
Version 1.1.5
Vulnerable Code Snippet:
https://github.com/erdogant/pypickle/blob/8d6d00b08cc040bea563ec8bc3ecef98de486094/pypickle/pypickle.py#L21-#L70
Reference
https://github.com/erdogant/pypickle/issues/3 |
|---|
| Fuente | ⚠️ https://github.com/erdogant/pypickle/issues/3 |
|---|
| Usuario | Prince Raj (UID 85431) |
|---|
| Sumisión | 2025-05-17 14:30 (hace 11 meses) |
|---|
| Moderación | 2025-05-25 15:47 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 310263 [erdogant pypickle hasta 1.1.5 pypickle/pypickle.py save escalada de privilegios] |
|---|
| Puntos | 20 |
|---|