CVE-2023-6597

HIGH7.8EPSS 0.08%

python3.7 - security update

發布日:2024/3/19修改日:2025/11/19

也稱為:ALPINE-CVE-2023-6597

描述

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

受影響套件(8)

Alpine/python3from 0, < 3.10.14-r0
Bitnami/libpythonfrom 0, < 3.8.19, >= 3.9.0, < 3.9.19, >= 3.10.0, < 3.10.14, >= 3.11.0, < 3.11.8, >= 3.12.0, < 3.12.1
Bitnami/pythonfrom 0, < 3.8.19, >= 3.9.0, < 3.9.19, >= 3.10.0, < 3.10.14, >= 3.11.0, < 3.11.8, >= 3.12.0, < 3.12.1
Bitnami/python-minfrom 0, < 3.8.19, >= 3.9.0, < 3.9.19, >= 3.10.0, < 3.10.14, >= 3.11.0, < 3.11.8, >= 3.12.0, < 3.12.1
Debian/pypy3from 0, < 7.3.5+dfsg-2+deb11u3
Debian/python3.11from 0, < 3.11.2-6+deb12u2
Debian/python3.7from 0, < 3.7.3-2+deb10u7
Debian/python3.9from 0, < 3.9.2-1+deb11u2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

描述

受影響套件(8)

CVSS 分數

參考連結(17)