New submission from uhei3nn9 :
As has been discovered in 06.2018 the python library is affected by the zip
slip vulbnerability (meaning code execution)
The affected section https://github.com/python/cpython/blob/3.7/Lib/tarfile.py
has not been patched since then.
Therefore it seems python has not yet fixed this vulnerability.
Source:
https://github.com/snyk/zip-slip-vulnerability
--
components: Library (Lib)
messages: 334910
nosy: uhei3nn9
priority: normal
severity: normal
status: open
title: Zip Slip Vulnerability
type: security
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8
___
Python tracker
<https://bugs.python.org/issue35909>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com