Eric V. Smith <e...@trueblade.com> added the comment:
This is documented in the tarfile docs: Warning Never extract archives from untrusted sources without prior inspection. It is possible that files are created outside of path, e.g. members that have absolute filenames starting with "/" or filenames with two dots "..". ---------- nosy: +eric.smith _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue45170> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com