Veracode Vulnerability Database: VERACODE:40593
History: May 19, 2023 - 5:03 a.m.

Insecure Temporary File

2023-05-19 05:03:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: transformers, vulnerability, insecure temporary files, deprecated function, tempfile.mktemp(), exclusive access, atomically, attacker, availability, software

EPSS: 0
Percentile: 9.0%

transformers is vulnerable to Insecure Temporary Files. The vulnerability exists inside download_url due to the use of the deprecated function tempfile.mktemp(), which creates temporary file names that are fundamentally insecure because they do not ensure exclusive access to a file with the name they return. There is no guarantee that the creation and open operations will happen atomically, which gives an attacker an opportunity to interfere with the availability of the file before it is opened.
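
The difference between the name-only call described above and its atomic replacement, as an added example (not the transformers code; the body of download_url is not shown on this page). All function names and the sample payload are constructed for illustration.

```python
import os
import stat
import tempfile
import warnings


def name_only_tempfile(directory):
    """Deprecated pattern: mktemp() returns a name but creates nothing."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # in case this Python warns on mktemp
        path = tempfile.mktemp(dir=directory)
    reserved = os.path.exists(path)  # False: nothing holds the name yet
    # Creation is a separate, later step. open(..., "wb") does not fail if
    # the path came into existence in between, so the caller cannot tell.
    with open(path, "wb") as fh:
        fh.write(b"constructed sample payload")
    return path, reserved


def atomic_tempfile(directory):
    """Replacement: mkstemp() creates and opens the file in a single step."""
    fd, path = tempfile.mkstemp(dir=directory)
    try:
        reserved = os.path.exists(path)  # True: the file exists on return
        mode = stat.S_IMODE(os.fstat(fd).st_mode)  # owner-only permissions
        os.write(fd, b"constructed sample payload")
    finally:
        os.close(fd)
    return path, reserved, mode


def exclusive_create_refuses(path):
    """mkstemp() opens with O_EXCL, which fails if the name is already taken."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return True
    os.close(fd)
    return False


def demo():
    with tempfile.TemporaryDirectory() as workdir:
        _, reserved_mktemp = name_only_tempfile(workdir)
        taken, reserved_mkstemp, mode = atomic_tempfile(workdir)
        return reserved_mktemp, reserved_mkstemp, mode, exclusive_create_refuses(taken)


if __name__ == "__main__":
    print(demo())
```

For code that needs a path rather than a descriptor, tempfile.NamedTemporaryFile and tempfile.TemporaryDirectory give the same create-on-return guarantee.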
