Time-of-check Time-of-use (TOCTOU) Race Condition
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
Using Filename.temp_file can create temporary files in a way that allows attackers to replace them with malicious files or symlinks before your code opens them. This happens because the file is created and opened in separate steps, introducing a timing window.
Impact#
An attacker could exploit this race condition to read, modify, or hijack sensitive temporary files, potentially leading to data leaks, privilege escalation, or code execution. This may compromise application integrity and expose sensitive data or system resources.