Pyro mishandles pid files in temporary directory locations and opening the pid file as root
High severity
GitHub Reviewed
Published
Aug 21, 2018
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Published to the GitHub Advisory Database
Aug 21, 2018
Reviewed
Jun 16, 2020
Last updated
Jan 9, 2023
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
References