CVE-2023-6597

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Database specific

{
    "cna_assigner": "PSF",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6597.json"
}

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type

GIT

Repo

https://github.com/python/cpython

Events

Introduced

Fixed

469ede4dbc3ef4146803424a9a3a1e16391f5013

Introduced

9cf6752276e6fcfd0c23fdb064ad27f448aaaf75

Fixed

882f62bd93fcd5775068c3b3d1e5ce62f2feaba3

Introduced

b494f5935c92951e75597bfe1c8b1f3112fec270

Fixed

976ea78599d71f22e9c0fefc2dc37c1d9fc835a4

Introduced

deaf509e8fc6e0363bd6f26d52ad42f976ec42f2

Fixed

db85d51d3ea4adfc6147d6af400e167659689eed

Introduced

0fb18b02c8ad56299d6a2910be0bab8ad601ef24

Fixed

2305ca51448552542b2414186252123a8dc87db7

Introduced

2268289a47c6e3c9a220b53697f9480ec390466f

Fixed

7b413952e817ae87bfda2ac85dd84d30a6ce743b

Database specific

{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.19"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.19"
        },
        {
            "introduced": "3.10.0"
        },
        {
            "fixed": "3.10.14"
        },
        {
            "introduced": "3.11.0"
        },
        {
            "fixed": "3.11.8"
        },
        {
            "introduced": "3.12.0"
        },
        {
            "fixed": "3.12.1"
        },
        {
            "introduced": "3.13.0a1"
        },
        {
            "fixed": "3.13.0a3"
        }
    ]
}

Affected versions

v0.*

v0.9.8

v0.9.9

v1.*

v1.0.1

v1.0.2

v1.1

v1.1.1

v1.2

v1.2b1

v1.2b2

v1.2b3

v1.2b4

v1.3

v1.3b1

v1.4

v1.4b1

v1.4b2

v1.4b3

v1.5

v1.5.1

v1.5.2

v1.5.2a1

v1.5.2a2

v1.5.2b1

v1.5.2b2

v1.5.2c1

v1.5a1

v1.5a2

v1.5a3

v1.5a4

v1.5b1

v1.5b2

v1.6a1

v1.6a2

v2.*

v2.0

v2.0b1

v2.0b2

v2.0c1

v2.1

v2.1a1

v2.1a2

v2.1b1

v2.1b2

v2.1c1

v2.1c2

v2.2a3

v2.3c1

v2.3c2

v2.4

v2.4a1

v2.4a2

v2.4a3

v2.4b1

v2.4b2

v2.4c1

v3.*

v3.0a1

v3.0a2

v3.0a3

v3.0a4

v3.0a5

v3.0b1

v3.0b2

v3.0b3

v3.0rc1

v3.0rc2

v3.0rc3

v3.1

v3.10.0a1

v3.10.0a7

v3.10.0b1

v3.10.0b2

v3.10.0b3

v3.10.0b4

v3.10.0rc1

v3.10.0rc2

v3.10.1

v3.10.10

v3.10.11

v3.10.12

v3.10.13

v3.10.2

v3.10.3

v3.10.4

v3.10.5

v3.10.6

v3.10.7

v3.10.8

v3.10.9

v3.11.0a3

v3.11.0a4

v3.11.0a5

v3.11.0a6

v3.11.0a7

v3.11.0b1

v3.11.0b2

v3.11.0b3

v3.11.0b4

v3.11.0b5

v3.11.0rc1

v3.11.0rc2

v3.11.1

v3.11.2

v3.11.3

v3.11.4

v3.11.5

v3.11.6

v3.11.7

v3.12.0

v3.13.0b1

v3.13.0b2

v3.1a1

v3.1a2

v3.1b1

v3.1rc1

v3.1rc2

v3.2a1

v3.2a2

v3.2a3

v3.2a4

v3.2b1

v3.2b2

v3.2rc1

v3.2rc2

v3.2rc3

v3.3.0a2

v3.3.0a3

v3.3.0a4

v3.3.0b1

v3.3.0b2

v3.3.0rc1

v3.3.0rc2

v3.3.0rc3

v3.4.0a1

v3.4.0a2

v3.4.0a3

v3.4.0a4

v3.4.0b1

v3.4.0b2

v3.4.0b3

v3.5.0a1

v3.5.0a2

v3.5.0a3

v3.5.0a4

v3.5.0b1

v3.6.0a3

v3.6.0b1

v3.7.0a2

v3.8.0rc1

v3.8.11

v3.8.12

v3.8.13

v3.8.14

v3.8.15

v3.8.16

v3.8.17

v3.8.18

v3.8.3

v3.8.3rc1

v3.8.5

v3.8.8

v3.8.8rc1

v3.9.0a2

v3.9.0b1

v3.9.0b3

v3.9.0b5

v3.9.11

v3.9.12

v3.9.13

v3.9.14

v3.9.15

v3.9.16

v3.9.17

v3.9.18

v3.9.2

v3.9.2rc1

v3.9.5

v3.9.6

v3.9.7

v3.9.8

v3.9.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6597.json"