Описание
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| AMQ Clients | python39-qpid-proton | Fix deferred | ||
| AMQ Clients | python3-qpid-proton | Fix deferred | ||
| AMQ Clients | qpid-proton | Fix deferred | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-agent-rhel9 | Fix deferred | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-controller-rhel9 | Fix deferred | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Fix deferred | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-controller-rhel9 | Fix deferred | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-git-cloner-rhel9 | Fix deferred | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-bundler-rhel9 | Fix deferred | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-processing-rhel9 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.6 Medium
CVSS3
Связанные уязвимости
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
The filepath.Walk and filepath.WalkDir functions are documented as not ...
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
EPSS
5.6 Medium
CVSS3