
Author uhei3nn9
Recipients uhei3nn9
Date 2019-02-06.09:37:04
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1549445824.49.0.751818540829.issue35909@roundup.psfhosted.org>
In-reply-to
Content
As was discovered in 06.2018, the Python library is affected by the zip slip vulnerability (meaning code execution).

The affected section https://github.com/python/cpython/blob/3.7/Lib/tarfile.py has not been patched since then.

Therefore it seems Python has not yet fixed this vulnerability.


Source:
https://github.com/snyk/zip-slip-vulnerability
History
Date User Action Args
2019-02-06 09:37:07 uhei3nn9 set recipients: + uhei3nn9
2019-02-06 09:37:04 uhei3nn9 set messageid: <1549445824.49.0.751818540829.issue35909@roundup.psfhosted.org>
2019-02-06 09:37:04 uhei3nn9 link issue35909 messages
2019-02-06 09:37:04 uhei3nn9 create