Creation of Temporary File With Insecure Permissions
CVE-2014-1604
Summary
The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.
- LOW
- LOCAL
- NONE
- PARTIAL
- NONE
- NONE
CWE-378 - Creation of Temporary File With Insecure Permissions
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
References
Advisory Timeline
- Published