Skip to main content

Creation of Temporary File With Insecure Permissions

CVE-2014-1604

Severity Low
Score 2.1/10

Summary

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.

  • LOW
  • LOCAL
  • NONE
  • PARTIAL
  • NONE
  • NONE

CWE-378 - Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

References

Advisory Timeline

  • Published