| Title | erdogant pypickle 1.1.5 File Overwrite Vulnerability |
|---|
| Description | Title - File Overwrite Vulnerability in save () function in pypickle.py
Description
The save() function in the pypickle.py module has a vulnerability that allows unintended file overwrites, leading to potential data loss or security risks. This issue occurs when the overwrite parameter is set to True, but there is insufficient validation on the file path, which could lead to overwriting critical files or unauthorized locations on the filesystem.
Affected Component
Path: https://github.com/erdogant/pypickle/blob/master/pypickle/pypickle.py
File: pypickle.py
Function: save()
Version 1.1.5
Vulnerable Code Snippet:
https://github.com/erdogant/pypickle/blob/8d6d00b08cc040bea563ec8bc3ecef98de486094/pypickle/pypickle.py#L21-#L70
Reference
https://github.com/erdogant/pypickle/issues/3 |
|---|
| Source | ⚠️ https://github.com/erdogant/pypickle/issues/3 |
|---|
| User | Prince Raj (UID 85431) |
|---|
| Submission | 05/17/2025 14:30 (11 months ago) |
|---|
| Moderation | 05/25/2025 15:47 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310263 [erdogant pypickle up to 1.1.5 pypickle/pypickle.py save improper authorization] |
|---|
| Points | 20 |
|---|