[issue21109] tarfile: Traversal attack vulnerability

2019-02-08 Thread uhei3nn9


uhei3nn9 added the comment:

Is there any update on this? Will this be fixed in the next release?

Having a code execution vulnerability (yes it is!) in Python for 5 years does 
not really spark confidence...

--
nosy: +uhei3nn9

___
Python tracker 
<https://bugs.python.org/issue21109>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue35909] Zip Slip Vulnerability

2019-02-06 Thread uhei3nn9


New submission from uhei3nn9:

As has been discovered in 06.2018, the Python library is affected by the zip 
slip vulnerability (meaning code execution).

The affected section https://github.com/python/cpython/blob/3.7/Lib/tarfile.py 
has not been patched since then.

Therefore it seems Python has not yet fixed this vulnerability.


Source:
https://github.com/snyk/zip-slip-vulnerability

--
components: Library (Lib)
messages: 334910
nosy: uhei3nn9
priority: normal
severity: normal
status: open
title: Zip Slip Vulnerability
type: security
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8

___
Python tracker 
<https://bugs.python.org/issue35909>
___