Lucene search

K
osvGoogleOSV:GHSA-RR52-WG7F-8875
HistoryMay 14, 2022 - 2:09 a.m.

Improper Link Resolution Before File Access in logilab-commons

2022-05-1402:09:22
Google
osv.dev
8
extract_keys
fill_pdf
pdf_ext
symlink attack
arbitrary files
local users
logilab-commons

EPSS

0

Percentile

5.1%

The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-common before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.