{"id":"PYSEC-2014-95","details":"Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.","aliases":["CVE-2014-1624","GHSA-7372-q459-jxhr"],"modified":"2023-11-08T03:57:34.699452Z","published":"2014-01-28T00:55:00Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/01/21/4"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/01/21/3"},{"type":"WEB","url":"http://www.securityfocus.com/bid/65042"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90618"}],"affected":[{"package":{"name":"pyxdg","ecosystem":"PyPI","purl":"pkg:pypi/pyxdg"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.25"},{"fixed":"0.26"}]}],"versions":["0.25"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pyxdg/PYSEC-2014-95.yaml"}}],"schema_version":"1.7.3"}