
Author christian.heimes
Recipients 18z, Victor Kung, christian.heimes, krnick, serhiy.storchaka, vstinner, xtreak
Date 2019-04-03.18:09:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1554314984.69.0.632440529876.issue36260@roundup.psfhosted.org>
In-reply-to
Content
The suggested approach is merely a heuristic that reduces the impact of a zipbomb. An attacker can circumvent the heuristic. In the best-case scenario, the approach just increases the cost factor for a successful DoS. For example, an attacker may have to upload 10 larger zip files instead of one smaller zip file to fill up the disk space of a server.

The correct approach is to always verify all data from untrusted sources. It's the 101 of application security.
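Added example (not part of the original message or of CPython's zipfile module): the point above, applied to zip extraction. Instead of trusting the sizes or ratios declared in the archive headers, which the uploader controls, the extractor counts the bytes that actually come out of the decompressor and aborts once a caller-chosen budget is exceeded. The helper names and the in-memory test archives are constructed for this illustration.

```python
import io
import zipfile


class ExtractionBudgetExceeded(Exception):
    """Raised when the actual decompressed output exceeds the budget."""


def safe_extract_bytes(zip_bytes, max_total_bytes, chunk_size=64 * 1024):
    """Extract every member of an in-memory zip into {name: bytes}.

    The limit is enforced on bytes produced by the decompressor, not on
    info.file_size or info.compress_size from the headers, so a crafted
    header cannot be used to talk the check into accepting more data.
    """
    out = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            buf = io.BytesIO()
            with zf.open(info) as member:
                while True:
                    chunk = member.read(chunk_size)
                    if not chunk:
                        break
                    total += len(chunk)
                    if total > max_total_bytes:
                        # Stop before buffering more; nothing from this
                        # archive is returned to the caller.
                        raise ExtractionBudgetExceeded(
                            f"{info.filename}: decompressed output exceeded "
                            f"{max_total_bytes} bytes")
                    buf.write(chunk)
            out[info.filename] = buf.getvalue()
    return out


def make_zip(members):
    """Build an in-memory deflate zip from {name: bytes} (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # 8 MiB of zeros compresses to a few KiB but inflates past a 1 MiB budget.
    bomb = make_zip({"big.bin": b"\0" * (8 * 1024 * 1024)})
    try:
        safe_extract_bytes(bomb, max_total_bytes=1024 * 1024)
    except ExtractionBudgetExceeded as exc:
        print("rejected:", exc)
    print(safe_extract_bytes(make_zip({"hello.txt": b"hi\n"}), 1024))
```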
History

Date                 User              Action  Args
2019-04-03 18:09:44  christian.heimes  set     recipients: + christian.heimes, vstinner, serhiy.storchaka, 18z, xtreak, krnick, Victor Kung
2019-04-03 18:09:44  christian.heimes  set     messageid: <1554314984.69.0.632440529876.issue36260@roundup.psfhosted.org>
2019-04-03 18:09:44  christian.heimes  link    issue36260 messages
2019-04-03 18:09:44  christian.heimes  create