[New-bugs-announce] [issue35909] Zip Slip Vulnerability
uhei3nn9
report at bugs.python.org
Wed Feb 6 04:37:04 EST 2019
New submission from uhei3nn9 <uhei3nn9 at mailbox.org>:
As has been discovered in 06.2018 the python library is affected by the zip slip vulbnerability (meaning code execution)
The affected section https://github.com/python/cpython/blob/3.7/Lib/tarfile.py has not been patched since then.
Therefore it seems python has not yet fixed this vulnerability.
Source:
https://github.com/snyk/zip-slip-vulnerability
----------
components: Library (Lib)
messages: 334910
nosy: uhei3nn9
priority: normal
severity: normal
status: open
title: Zip Slip Vulnerability
type: security
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35909>
_______________________________________
More information about the New-bugs-announce
mailing list