storlets@4.0.0.0rc2 vulnerabilities

Middleware and Compute Engine for an OpenStack Swift compute framework that runs compute within a Swift cluster

Direct Vulnerabilities

Known vulnerabilities in the storlets package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Time-of-check Time-of-use (TOCTOU) Race Condition

storlets is a Middleware and Compute Engine for an OpenStack Swift compute framework that runs compute within a Swift cluster

Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition via the gateway.py component, when a file is first written and then its permissions are later changed using chmod. An attacker can exploit the time window between when the file is initially written and when its permissions are modified and may gain access to the file.

How to fix Time-of-check Time-of-use (TOCTOU) Race Condition?

Upgrade storlets to version 13.0.0 or higher.

[,13.0.0)