Race Condition Affecting pytest-xdist package, versions [,1.6)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Race Condition vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PYTHON-PYTESTXDIST-6100983
  • published6 Dec 2023
  • disclosed1 Dec 2023
  • creditRalf Schmitt

Introduced: 1 Dec 2023

CVE NOT AVAILABLE CWE-362  (opens in a new tab)

How to fix?

Upgrade pytest-xdist to version 1.6 or higher.

Overview

pytest-xdist is a pytest xdist plugin for distributed testing, most importantly across multiple CPUs

Affected versions of this package are vulnerable to Race Condition in the looponfail mode where a concurrent file removal could cause a crash.

References

CVSS Base Scores

version 3.1