#564 [MEDIUM] apps.py TOCTOU in update_app/delete_app/publish_version

closed medium Created 2025-12-17 16:32 · Updated 2025-12-17 19:58

Description

Multiple TOCTOU race conditions in apps.py:

1) update_app(): SELECT then UPDATE without locking
2) delete_app(): SELECT then DELETE without locking
3) publish_version(): SELECT then UPDATE without locking

Fix: Use SELECT FOR UPDATE or INSERT ON CONFLICT for atomic operations.
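The check-then-write window in update_app(), reproduced deterministically as an added example (not the code from apps.py). The table layout, the function signatures and the `between` hook are assumptions made for illustration, and because SQLite has no SELECT ... FOR UPDATE the locked variant uses BEGIN IMMEDIATE to hold the write lock across the check and the write instead.

```python
import os, sqlite3, tempfile

def connect(path):
    # Autocommit mode so BEGIN/COMMIT are explicit; timeout=0 makes a held lock fail fast.
    return sqlite3.connect(path, isolation_level=None, timeout=0)

def owner_of(db, app_id):
    rows = db.execute("SELECT owner FROM apps WHERE id = ?", (app_id,)).fetchall()
    return rows[0][0] if rows else None

def update_app_racy(db, app_id, user, name, between):
    if owner_of(db, app_id) != user:           # check
        return False
    between()                                  # window: another request commits here
    db.execute("UPDATE apps SET name = ? WHERE id = ?", (name, app_id))  # use
    return True

def update_app_locked(db, app_id, user, name, between):
    db.execute("BEGIN IMMEDIATE")              # take the write lock before the check
    try:
        if owner_of(db, app_id) != user:
            db.execute("ROLLBACK")
            return False
        between()                              # concurrent writers are shut out here
        db.execute("UPDATE apps SET name = ? WHERE id = ?", (name, app_id))
        db.execute("COMMIT")
        return True
    except Exception:
        db.execute("ROLLBACK")
        raise

def run(update_fn):
    """Interleave a concurrent ownership transfer between the check and the write."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "apps.db")
        db = connect(path)
        db.execute("CREATE TABLE apps (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
        db.execute("INSERT INTO apps VALUES (1, 'alice', 'demo')")  # constructed row
        transfer_ok = []
        def transfer():                        # second request on its own connection
            other = connect(path)
            try:
                other.execute("UPDATE apps SET owner = 'bob' WHERE id = 1")
                transfer_ok.append(True)
            except sqlite3.OperationalError:   # "database is locked"
                transfer_ok.append(False)
            finally:
                other.close()
        updated = update_fn(db, 1, "alice", "renamed", transfer)
        owner, name = db.execute("SELECT owner, name FROM apps WHERE id = 1").fetchone()
        db.close()
        return updated, transfer_ok[0], owner, name
```

`run()` returns `(update succeeded, transfer succeeded, final owner, final name)`: with the racy variant the rename lands on a row that now belongs to another owner, while the locked variant rejects the concurrent writer until the transaction ends.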
