Description
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
Remediation
References
Related Vulnerabilities
WordPress Plugin Related Sites 'guid' Parameter SQL Injection (2.1)
WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)
WordPress Plugin Taxonomy Converter Unspecified Vulnerability (1.1)
WordPress Plugin Gallery by BestWebSoft 'php.php' Arbitrary File Upload (3.06)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5318)