eyed3@0.9.2 vulnerabilities

Python audio data toolkit (ID3 and MP3)

Direct Vulnerabilities

Known vulnerabilities in the eyed3 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Insecure use of temporary file

eyeD3 is a Python audio data toolkit (ID3 and MP3)

Affected versions of this package are vulnerable due to the Insecure use of temporary files. tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

How to fix Insecure use of temporary file?

Upgrade to version 7.0.3 or greater.

[,0.6.18] [,7.0.3]