avoid-mktemp
The function
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-377: Insecure Temporary File
OWASP:
- A01:2021 - Broken Access Control
mktemp is deprecated. When using this function, it is possible for an attacker to modify the created file before the filename is returned. Use NamedTemporaryFile() instead and pass it the delete=False parameter.
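The pattern this rule flags, next to the recommended replacement, as an added example that is not part of the rule's own code. The helper names (insecure_name, write_secure, demo) and the "planted" file are constructed for illustration; the example assumes a POSIX filesystem.

```python
import os
import stat
import tempfile


def insecure_name(directory):
    """Pattern the rule flags: mktemp() returns a name and creates nothing."""
    return tempfile.mktemp(dir=directory)


def write_secure(data, directory):
    """Replacement: the file is created exclusively, readable by its owner only."""
    with tempfile.NamedTemporaryFile("wb", dir=directory, delete=False) as f:
        f.write(data)
        return f.name  # delete=False: the caller must os.unlink() it


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = insecure_name(d)
        # Nothing exists at the returned path yet: this is the gap.
        results["mktemp_created_file"] = os.path.exists(path)
        # Constructed stand-in: something else creates the path during the gap.
        with open(path, "w") as other:
            other.write("planted")
        # A plain open() accepts whatever now sits at that path...
        with open(path, "r+") as f:
            results["plain_open_saw"] = f.read()
        # ...while exclusive creation refuses to reuse it.
        try:
            os.close(os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))
            results["excl_rejected"] = False
        except FileExistsError:
            results["excl_rejected"] = True

        safe = write_secure(b"secret", d)
        results["safe_mode"] = stat.S_IMODE(os.stat(safe).st_mode)
        with open(safe, "rb") as f:
            results["safe_content"] = f.read()
        os.unlink(safe)
    return results


if __name__ == "__main__":
    print(demo())
```

Because NamedTemporaryFile creates and opens the file in one step, there is no window between choosing the name and owning the file.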