PDM: Project-Local State and Config Writes Follow Symlinks
Summary: PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...
PT-2026-48600
Name of the Vulnerable Software and Affected Versions: PDM versions prior to 2.28.0-1.1
Description: PDM writes project-local state and configuration files without symlink protection, allowing a malicious repository to use symlinks to overwrite files outside the repository root. This creates an...