Описание
Improper Link Resolution Before File Access in Suds
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-2217
- https://bugzilla.redhat.com/show_bug.cgi?id=978696
- https://github.com/advisories/GHSA-vpqp-hx68-p2wx
- https://github.com/pypa/advisory-database/tree/main/vulns/suds-py3/PYSEC-2013-33.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/suds/PYSEC-2013-32.yaml
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html
- http://www.openwall.com/lists/oss-security/2013/06/27/8
- http://www.ubuntu.com/usn/USN-2008-1
Пакеты
suds
<= 0.4
1.0.0
suds-py3
< 1.4.4.1
1.4.4.1
Связанные уязвимости
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
cache.py in Suds 0.4, when tempdir is set to None, allows local users ...
