2 matches found
CVE-2025-68146
CVE-2025-68146 affects the Python filelock package. A TOCTOU race in lock file creation allows local attackers with filesystem access to exploit symlinks and truncate target files. The vulnerability exists in UnixFileLock and WindowsFileLock for versions before 3.20.1; an attacker can create a sy...
CVE-2026-22701
Summary of CVE-2026-22701 (python-filelock) A TOCTOU race condition affects the SoftFileLock implementation in python-filelock prior to version 3.20.3. With local filesystem access and the ability to create symlinks, an attacker can exploit a race between the permission validation and file creati...