Sed
Monthly
GNU sed with -i (in-place edit) and --follow-symlinks options is vulnerable to a time-of-check-time-of-use (TOCTOU) race condition that allows local attackers to overwrite arbitrary files with attacker-controlled content. An attacker can atomically replace a symlink target between sed's symlink resolution and file open operations, causing sed to read from an attacker-chosen file while writing output to an unintended location. The vulnerability affects sed versions prior to 4.10 and requires precise timing on the same filesystem, resulting in a CVSS score of 2.1 due to low attack complexity but limited practical exploitation window.
GNU sed with -i (in-place edit) and --follow-symlinks options is vulnerable to a time-of-check-time-of-use (TOCTOU) race condition that allows local attackers to overwrite arbitrary files with attacker-controlled content. An attacker can atomically replace a symlink target between sed's symlink resolution and file open operations, causing sed to read from an attacker-chosen file while writing output to an unintended location. The vulnerability affects sed versions prior to 4.10 and requires precise timing on the same filesystem, resulting in a CVSS score of 2.1 due to low attack complexity but limited practical exploitation window.