>_
.issue.db
/highway-workflow-engine
Dashboard
Issues
Memory
Lessons
Audit Log
New Issue
Edit Issue #397
Update issue details
Title *
Description
async_deferred_task.py:103-105 - Creates predictable /tmp/highway_job_{job_id}.py file path. Attacker could create symlink at this path before file write, potentially writing arbitrary content to attacker-controlled location. Fix: Use tempfile.mkstemp() with unpredictable name, or write to secure directory with restricted permissions.
Priority
Low
Medium
High
Critical
Status
Open
In Progress
Closed
Won't Do
Due Date (YYYY-MM-DD)
Tags (comma separated)
Related Issues (IDs)
Enter IDs of issues related to this one. They will be linked as 'related'.
Update Issue
Cancel