CVE-2023-6597

HIGH7.8EPSS 0.08%

python3.7 - security update

Published: 3/19/2024Modified: 11/19/2025

Also known as:ALPINE-CVE-2023-6597

Description

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Affected packages (8)

Alpine/python3from 0, < 3.10.14-r0
Bitnami/libpythonfrom 0, < 3.8.19, >= 3.9.0, < 3.9.19, >= 3.10.0, < 3.10.14, >= 3.11.0, < 3.11.8, >= 3.12.0, < 3.12.1
Bitnami/pythonfrom 0, < 3.8.19, >= 3.9.0, < 3.9.19, >= 3.10.0, < 3.10.14, >= 3.11.0, < 3.11.8, >= 3.12.0, < 3.12.1
Bitnami/python-minfrom 0, < 3.8.19, >= 3.9.0, < 3.9.19, >= 3.10.0, < 3.10.14, >= 3.11.0, < 3.11.8, >= 3.12.0, < 3.12.1
Debian/pypy3from 0, < 7.3.5+dfsg-2+deb11u3
Debian/python3.11from 0, < 3.11.2-6+deb12u2
Debian/python3.7from 0, < 3.7.3-2+deb10u7
Debian/python3.9from 0, < 3.9.2-1+deb11u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Description

Affected packages (8)

CVSS scores

References (17)