python · pdm
Heads-up
PDM writes project-local files without symlink protection, allowing arbitrary file clobber
What changed
PDM writes project-local state/configuration files (pdm.toml, .pdm-python, .python-version) without symlink protection, allowing arbitrary file clobber if a malicious repository places those files as symlinks.
Who it affects
Users who run any PDM command that touches project-local state (the page's example is `pdm config -l`) inside a repository an attacker controls, with the impact scaled by PDM's privileges: run as root, a symlinked `pdm.toml` can overwrite any file on the system.
What to do today
Review and apply the recommended remediation: before writing a project-local config/state file, `lstat` the destination and refuse to proceed if it is anything other than a regular file (or absent); open the destination with `O_NOFOLLOW` so the kernel, not a racy userland check, rejects a symlink; and write through a temporary file in the same directory that is atomically renamed over the destination once it has been confirmed to be a regular file. Note that an `lstat` check followed by a plain `open()` still leaves a check-then-use window, which is why `O_NOFOLLOW` (or a rename, which never dereferences the destination) is the part that actually closes the hole.
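The following is an added example, not PDM's own code, showing the three pieces of the remediation side by side with the vulnerable pattern. The helper names (`naive_write`, `write_nofollow`, `atomic_write`, `demo`) and the constructed repository layout are assumptions for illustration; the attack scenario is the one the advisory describes: a checked-out repo whose `pdm.toml` is a symlink to a file outside the repo.

```python
import errno
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical helpers for illustration; not PDM's implementation.
PROJECT_FILES = ("pdm.toml", ".pdm-python", ".python-version")


def naive_write(path: Path, data: str) -> None:
    """The vulnerable pattern: open(..., 'w') follows a symlink and truncates its target."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(data)


def write_nofollow(path: Path, data: str) -> None:
    """In-place write that fails if `path` is a symlink.

    O_NOFOLLOW makes open(2) return ELOOP instead of dereferencing the link,
    so the check and the open are one syscall (no check-then-use window).
    O_NOFOLLOW exists only on POSIX; on other platforms this degrades to a plain open.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o644)
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            raise PermissionError(f"refusing to write through symlink: {path}") from exc
        raise
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(data)


def atomic_write(path: Path, data: str) -> None:
    """lstat the destination, refuse anything but a regular file (or nothing),
    then write a temp file in the same directory and rename it into place."""
    path = Path(path)
    try:
        st = os.lstat(path)  # lstat does NOT follow symlinks
    except FileNotFoundError:
        st = None
    if st is not None and not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"refusing to replace non-regular file: {path}")
    # Temp file in the same directory: rename() is atomic only within one filesystem.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=f".{path.name}.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        # rename() replaces the directory entry itself; it never dereferences `path`.
        os.replace(tmp, path)
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


def demo() -> dict:
    """Constructed scenario: a repo whose pdm.toml is a symlink to a victim file
    outside the repo. Returns what each writer did to the victim."""
    with tempfile.TemporaryDirectory() as tmpdir:
        root = Path(tmpdir)
        victim = root / "victim.txt"
        victim.write_text("secret\n")
        repo = root / "evil-repo"
        repo.mkdir()
        link = repo / PROJECT_FILES[0]  # pdm.toml -> ../victim.txt
        os.symlink(victim, link)

        naive_write(link, "[tool]\n")
        results = {"naive_clobbered": victim.read_text() != "secret\n"}
        victim.write_text("secret\n")  # restore for the hardened writers

        for name, writer in (("nofollow", write_nofollow), ("atomic", atomic_write)):
            try:
                writer(link, "[tool]\n")
                results[name] = "wrote"
            except PermissionError:
                results[name] = "refused"
            results[name + "_victim_intact"] = victim.read_text() == "secret\n"

        # The hardened writers still work on an ordinary, non-symlinked path.
        atomic_write(repo / PROJECT_FILES[2], "3.12\n")
        results["plain_written"] = (repo / PROJECT_FILES[2]).read_text() == "3.12\n"
        return results


if __name__ == "__main__":
    print(demo())
```

`naive_write` overwrites the victim through the link; both hardened writers refuse and leave it untouched, and `atomic_write` still works for a normal `.python-version`. Neither helper defends against the parent directory itself being a symlink, which is a separate check a full fix would also want.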
Source
GitHub Advisory · pdm