10 matches found
Security Bulletin: TOCTOU Symlink Vulnerability in filelock, affects watsonx.data
Summary filelock versions prior to 3.20.1 are vulnerable to a Time-of-Check-Time-of-Use TOCTOU race condition. Local attackers can exploit this via symlinks to corrupt or truncate arbitrary files during lock creation on Unix, Linux, macOS, and Windows. The issue is fixed in version 3.20.1; partia...
Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146.
Summary IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In version...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation
Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelo...
Medium: python3.13-filelock
Issue Overview: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows loc...
Amazon Linux 2023 : python3-filelock (ALAS2023-2026-1415)
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1415 advisory. filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check- Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrar...
Security Bulletin: Vulnerability in filelock affects IBM Netezza Appliance
Summary The filelock package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-68146 Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a...
SUSE CVE-2025-68146
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...
EUVD-2025-203839
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation...
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Impact A Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with OTRUNC. An attack...
AZL-79232 CVE-2025-68146 affecting package python-filelock 3.0.12-13
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...