Описание
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths() utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call extract_zipped_paths() directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set TMPDIR in their environment to a directory with restricted write access.
A flaw was found in the requests HTTP library, specifically in the requests.utils.extract_zipped_paths() function, which is used to load Certificate Authority (CA) bundles. A local attacker can exploit this vulnerability by pre-creating a malicious CA bundle file in the system's temporary directory. When a vulnerable application initializes the requests library, it may load this malicious file instead of the legitimate CA bundle, leading to a bypass of security controls and potential integrity compromise.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/bitwarden-sdk-server-rhel9 | Fix deferred | ||
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/external-secrets-operator-bundle | Fix deferred | ||
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/external-secrets-operator-rhel9 | Fix deferred | ||
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/external-secrets-rhel9 | Fix deferred | ||
| Lightspeed Core | lightspeed-core/dataverse-exporter-rhel9 | Fix deferred | ||
| Lightspeed Core | lightspeed-core/lightspeed-stack-rhel9 | Fix deferred | ||
| Lightspeed Core | lightspeed-core/rag-tool-rhel9 | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-curator5-rhel9 | Fix deferred | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-rhel8-operator | Fix deferred | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-rhel9-operator | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Requests is a HTTP library. Prior to version 2.33.0, the `requests.uti ...
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
EPSS
4.7 Medium
CVSS3