CVE-2014-1838: Improper Link Resolution Before File Access
(updated )
The extract_keys_from_pdf
and fill_pdf
functions in pdf_ext.py
in logilab-commons allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf
.
References
Detect and mitigate CVE-2014-1838 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →