Site icon API Security Blog

Improper Link Resolution Before File Access in Suds

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.Read More

Exit mobile version