CVE-2013-2217: Improper Link Resolution Before File Access in Suds

May 14, 2022 (updated October 28, 2024)

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

References

bugzilla.redhat.com/show_bug.cgi?id=978696
github.com/advisories/GHSA-vpqp-hx68-p2wx
github.com/pypa/advisory-database/tree/main/vulns/suds-py3/PYSEC-2013-33.yaml
github.com/pypa/advisory-database/tree/main/vulns/suds/PYSEC-2013-32.yaml
nvd.nist.gov/vuln/detail/CVE-2013-2217

Code Behaviors & Features

Detect and mitigate CVE-2013-2217 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →