[issue20749] shutil.unpack_archive(): security concerns not documented

Jakub Wilk report at bugs.python.org
Sun Feb 23 22:13:37 CET 2014


New submission from Jakub Wilk:

shutil.unpack_archive() uses tarfile.extractall() under the hood, so it's not suitable for unpacking untrusted archives. But this fact is not documented.

Please add a security warning to shutil.unpack_archive() documentation.

----------
assignee: docs at python
components: Documentation
messages: 212029
nosy: docs at python, jwilk
priority: normal
severity: normal
status: open
title: shutil.unpack_archive(): security concerns not documented

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20749>
_______________________________________

