CNNVD-202601-1733 Information
CNNVD ID
CNNVD-202601-1733
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
filelock是tox development team开源的一个Python文件锁。 filelock 3.20.3之前版本存在安全漏洞,该漏洞源于SoftFileLock实现中存在TOCTOU竞争条件,可能导致锁定操作失败或行为异常。
Description (English)
Filelock is a Python file lock from the open source of tox development team. There is a security loophole in the pre-filelock 3.203 version, which stems from the existence of TOCTOU competitive conditions in the realization of SoftFileLock, which could lead to lock-in failures or behavioural anomalies.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
tox development team
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/tox-dev/filelock/commit/255ed068bc85d1ef406e50a135e1459170dd1bf0 https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5 https://github.com/tox-dev/filelock/security/advisories/GHSA-qmgc-5h2g-mvrw
Patch
https://github.com/tox-dev/filelock/releases
Share on: