[docs] [issue20749] shutil.unpack_archive(): security concerns not documented

Jakub Wilk report at bugs.python.org
Sun Feb 23 22:13:37 CET 2014


New submission from Jakub Wilk:

shutil.unpack_archive() uses tarfile.extractall() under the hood, so it's not suitable for unpacking untrusted archives. But this fact is not documented.

Please add a security warning to shutil.unpack_archive() documentation.

----------
assignee: docs at python
components: Documentation
messages: 212029
nosy: docs at python, jwilk
priority: normal
severity: normal
status: open
title: shutil.unpack_archive(): security concerns not documented

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20749>
_______________________________________


More information about the docs mailing list