Improper Link Resolution Before File Access in pip
Low severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Aug 17, 2013
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Jul 8, 2022
Last updated
Jan 29, 2023
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
References