2 matches found
PDM wheel installation leads to Path Traversal via overridden write_to_fs
InstallDestination.writetofs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe pathwithdestdir which validates via Path.resolve + isrelativeto with a bare os.path.join that performs no path validation. A malicious wheel with travers...
CVE-2022-34271
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...