Samin061 opened a new pull request, #69194:
URL: https://github.com/apache/airflow/pull/69194

   ImapHook writes each downloaded attachment under `local_output_directory`, 
but `_is_symlink` passed the bare attachment name to `os.path.islink`, so it 
inspected a path relative to the process working directory rather than the file 
that gets opened. A symlink planted at the real destination slipped past the 
check and the following `open(..., "wb")` wrote through it, so an 
attacker-controlled attachment name and payload could overwrite the link 
target. Resolve the destination with `_correct_path` before the symlink check 
so the file actually being written is the one inspected.
   
   ---
   
   ##### Was generative AI tooling used to co-author this PR?
   
   - [ ] Yes (please specify the tool below)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to