| tiêu đề | Github buzz 1.1.0 Insecure Temporary File in chidiwilliams / buzz |
|---|
| Mô tả | Chidivilliams/buzz uses the unsafe deprecated function tempfile. mktem() in number of files
This is very unsafe because during the time between calling mktemp() and the first process attempting to create a file, different processes may create a file with this name.
Functions that create temporary file names (such as tempfile.mktemp()) are fundamentally insecure, as they do not ensure exclusive access to a file with the temporary name they return. The file name returned by these functions is guaranteed to be unique on creation but the file must be opened in a separate operation. There is no guarantee that the creation and open operations will happen atomically. This provides an opportunity for an attacker to interfere with the file before it is opened.
Use mkstemp() instead of tempfile.mktemp(). |
|---|
| Nguồn | ⚠️ https://github.com/Startr4ck/CVE_lists/blob/main/buzz/Insecure%20Temporary%20File%20in%20BUZZ.md |
|---|
| Người dùng | startr4ck (UID 76213) |
|---|
| Đệ trình | 17/10/2024 08:14 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 24/10/2024 21:51 (8 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 281764 [chidiwilliams buzz 1.1.0 buzz/model_loader.py download_model nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|