Posted by Georgi Guninski on Jul 26

Potential symlink attack in python3 __pycache__

Not sure if this is vulnerability, but it looks like
classical symlink attack.

In python3, if a script in directory DIR1 does “import another”,
then python3 creates directory __pycache__ in DIR1 and puts
some files in __pycache__.

According to our tests, if DIR1/__pycache__ is symlink to something,
then python3 follows the symlink.

We suspect the attacker has little to no control on…
Read More – Full Disclosure


By |2021-07-27T02:19:10-04:00July 27th, 2021|