Skip to content

[security] directory traversal in tempfile prefix #79459

Open
@YusukeEndoh

Description

@YusukeEndoh
BPO 35278
Nosy @mjpieters, @vstinner, @ambv, @csabella, @Thorleon, @obestwalter
PRs
  • bpo-35278: Sanitize tempfile prefix to prevent directory treversal #10627
  • Files
  • bpo-35278.patch
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
    closed_at = None
    created_at = <Date 2018-11-19.12:46:03.177>
    labels = ['type-security', '3.8', '3.9', '3.10', '3.7', 'library']
    title = '[security] directory traversal in tempfile prefix'
    updated_at = <Date 2021-03-14.02:25:00.048>
    user = 'https://bugs.python.org/YusukeEndoh'

    bugs.python.org fields:

    activity = <Date 2021-03-14.02:25:00.048>
    actor = 'gregory.p.smith'
    assignee = 'none'
    closed = False
    closed_date = None
    closer = None
    components = ['Library (Lib)']
    creation = <Date 2018-11-19.12:46:03.177>
    creator = 'Yusuke Endoh'
    dependencies = []
    files = ['47939']
    hgrepos = []
    issue_num = 35278
    keywords = ['patch']
    message_count = 6.0
    messages = ['330097', '330100', '330169', '335174', '340205', '356299']
    nosy_count = 7.0
    nosy_names = ['mjpieters', 'vstinner', 'lukasz.langa', 'cheryl.sabella', 'Yusuke Endoh', 'thorleon', 'obestwalter']
    pr_nums = ['10627']
    priority = 'normal'
    resolution = None
    stage = 'patch review'
    status = 'open'
    superseder = None
    type = 'security'
    url = 'https://bugs.python.org/issue35278'
    versions = ['Python 3.6', 'Python 3.7', 'Python 3.8', 'Python 3.9', 'Python 3.10']

    Metadata

    Metadata

    Assignees

    No one assigned

      Labels

      3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.8 (EOL)end of life3.9only security fixesstdlibPython modules in the Lib dirtype-securityA security issue

      Projects

      Status

      No status

      Milestone

      No milestone

      Relationships

      None yet

      Development

      No branches or pull requests

      Issue actions