pdm
python · pdmHeads-up
PDM writes project-local files without symlink protection, allowing arbitrary file clobber
PDM writes project-local state/configuration files (pdm.
11 Jun 2026 · schedule it
python · pdmCritical
pdm: Path traversal in InstallDestination.write_to_fs() allows arbitrary file write
InstallDestination.write_to_fs() in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but
11 Jun 2026 · act now