[New-bugs-announce] [issue35278] directory traversal in tempfile prefix
Yusuke Endoh
report at bugs.python.org
Mon Nov 19 07:46:03 EST 2018
New submission from Yusuke Endoh <y.endoh at gmail.com>:
Hello,
The tempfile library does not check the prefix argument, which can be exploited to create files outside tmpdir by using directory traversal.
```
>>> import tempfile
>>> tempfile.gettempprefix()
'tmp'
>>> f = tempfile.NamedTemporaryFile(prefix="/home/mame/cracked")
>>> f.name
'/home/mame/crackedlt3y_ddm'
```
The same issue was found and treated as a vulnerability in PHP (CVE-2006-1494) and Ruby (CVE-2018-6914).
I first reported this issue to security at python.org at July 2018. Some people kindly discussed it, and finally I was told to create a ticket here.
----------
components: Library (Lib)
messages: 330097
nosy: Yusuke Endoh
priority: normal
severity: normal
status: open
title: directory traversal in tempfile prefix
type: security
versions: Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35278>
_______________________________________
More information about the New-bugs-announce
mailing list