| Título | erdogant pypickle 1.1.5 File Overwrite Vulnerability |
|---|
| Descrição | Title - File Overwrite Vulnerability in save () function in pypickle.py
Description
The save() function in the pypickle.py module has a vulnerability that allows unintended file overwrites, leading to potential data loss or security risks. This issue occurs when the overwrite parameter is set to True, but there is insufficient validation on the file path, which could lead to overwriting critical files or unauthorized locations on the filesystem.
Affected Component
Path: https://github.com/erdogant/pypickle/blob/master/pypickle/pypickle.py
File: pypickle.py
Function: save()
Version 1.1.5
Vulnerable Code Snippet:
https://github.com/erdogant/pypickle/blob/8d6d00b08cc040bea563ec8bc3ecef98de486094/pypickle/pypickle.py#L21-#L70
Reference
https://github.com/erdogant/pypickle/issues/3 |
|---|
| Fonte | ⚠️ https://github.com/erdogant/pypickle/issues/3 |
|---|
| Utilizador | Prince Raj (UID 85431) |
|---|
| Submissão | 17/05/2025 14h30 (há 11 meses) |
|---|
| Moderação | 25/05/2025 15h47 (8 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 310263 [erdogant pypickle até 1.1.5 pypickle/pypickle.py save Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|