MEDIUM 5.5
PYSEC-2026-829
keycloak-httpd-client-install symlink attack vulnerability
Details
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / keycloak-httpd-client-install
Introduced in:
0 Fixed in: 0.8 Fix
pip install --upgrade 'keycloak-httpd-client-install>=0.8' References
- https://nvd.nist.gov/vuln/detail/CVE-2017-15111 [ADVISORY]
- https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440 [WEB]
- https://access.redhat.com/errata/RHSA-2019:2137 [WEB]
- https://github.com/jdennis/keycloak-httpd-client-install [PACKAGE]
- https://pypi.org/project/keycloak-httpd-client-install [PACKAGE]
- https://github.com/advisories/GHSA-vqf9-v3hc-wr54 [ADVISORY]