Improper Link Resolution Before File Access in Suds
Low severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Sep 23, 2013
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 8, 2022
Last updated
Jan 29, 2023
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
References