A security issue was found in zstd before version 1.4.9. During compression and decompression, files were created with the default umask before tightening the file permissions to 0600. By exploiting this race condition, attackers could read or write files they would otherwise not be allowed to access.
A security issue was found in zstd before version 1.4.9. During compression and decompression, files were created with the default umask before tightening the file permissions to 0600. By exploiting this race condition, attackers could read or write files they would otherwise not be allowed to access.
https://github.com/facebook/zstd/issues/2491 https://github.com/facebook/zstd/issues/1630 https://github.com/facebook/zstd/pull/2495 https://github.com/facebook/zstd/commit/a2adc6df9f44ca9b180872e18528fd236e8a4d20