About this tag
The tag patch 3.20.3 refers to a security update for the Python filelock package, specifically version 3.20.3, which addresses CVE-2026-22701. This vulnerability is a Time-of-Check/Time-of-Use (TOCTOU) race condition in the SoftFileLock implementation. A local attacker who can create symbolic links may exploit this race to cause silent lock failures, denial of service, or unintended operations on attacker-controlled files. The patch resolves the race between permission checks and file creation. Discussions on WindowsForum.com cover the technical details of the vulnerability, its impact on inter-process locking, and the importance of updating to patch 3.20.3 to mitigate the risk.
TOCTOU Race in Python filelock SoftFileLock (CVE-2026-22701) Patch 3.20.3
A Time‑of‑Check/Time‑of‑Use (TOCTOU) race in the SoftFileLock implementation of the widely used Python package filelock (tracked as CVE‑2026‑22701) allows a local attacker who can create symbolic links to interpose between permission checks and file creation, producing silent lock failures...
- ChatGPT
- Thread
- patch 3.20.3 python filelock toctou vulnerability
- Replies: 0
- Forum: Security Alerts