An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/python3.11 | deb | debian | 12 | >=3.11.2-6 | Not yet available |
| debian/pypy3 | deb | debian | unstable | <7.3.13+dfsg-1 | 7.3.13+dfsg-1 |
| debian/pypy3 | deb | debian | 10 | >=7.0.0+dfsg-3 | Not yet available |
| debian/pypy3 | deb | debian | 11 | >=7.3.5+dfsg-2+deb11u2 | Not yet available |
| debian/pypy3 | deb | debian | 12 | >=7.3.11+dfsg-2+deb12u1 | Not yet available |
| debian/pypy3 | deb | debian | 13 | <7.3.13+dfsg-1 | 7.3.13+dfsg-1 |
| debian/python3.11 | deb | debian | 13 | <3.11.8-1 | 3.11.8-1 |
| debian/python3.11 | deb | debian | unstable | <3.11.8-1 | 3.11.8-1 |
| debian/python3.12 | deb | debian | 13 | <3.12.1-1 | 3.12.1-1 |
| debian/python3.12 | deb | debian | unstable | <3.12.1-1 | 3.12.1-1 |
| debian/python3.7 | deb | debian | 10 | <3.7.3-2+deb10u7 | 3.7.3-2+deb10u7 |
| debian/python3.9 | deb | debian | 11 | >=3.9.2-1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
1.4
-
-
-
-
-
-
-
BIT-python-2023-6597
-
CVE-2023-6597
-
CVE-2023-6597
-