instagrapi is vulnerable to Insecure Temporary File
25
Low Risk
The reel and story building helpers in clip.py and story.py create temporary media files with tempfile.mktemp, which only returns a predictable path and does not atomically create the file. On a shared host a local attacker can pre-create a symlink at that predictable path during the window before the library opens it, redirecting the written audio or video content to an attacker-chosen file or exposing the media being processed. This time-of-check to time-of-use race can lead to local file overwrite or disclosure. The fix introduces a _make_tmp_path helper built on tempfile.mkstemp that atomically creates a uniquely named file and closes the race window.
You are affected if you are using a version that falls within the vulnerable range and you use the reel or story building and upload helpers on a shared or multi-user system.
instagrapi is vulnerable to Insecure Temporary File in versions 1.0.0 - 2.5.9.
Upgrade the instagrapi library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant