You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
assignee=Noneclosed_at=Nonecreated_at=<Date2017-08-10.13:05:08.569>labels= ['type-bug', 'library']
title='Exception while extracting file from ZIP with non-matching file name in central directory'updated_at=<Date2017-08-10.13:08:08.683>user='https://github.com/zyxtarmo'
The problem: miscreants are modifying ZIP file header parts so, that Python based automated analysis tools are unable to process the contents of the ZIP file but intended clients are able to open the file and extract the possibly malicious contents.
Github pull request contains patch addressing the issue so that developer can make conscious decision to allow extraction process to complete. Quite important feature for security researchers.
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: