path traversal bug related to the use of the tarfile module #731
Labels: auto-locked (Outdated issues that have been locked by automation), type: bug (A confirmed bug or unintended behavior)
pip/util.py is vulnerable to path traversal when untarring a tarfile in the untar_file method.
Provided that a malicious tar file comprises two entries with different starting paths (has_leading_dir returns false on line 485), the code in untar_file takes the filename provided by the call to tar.getmembers (line 489) and copies the zip file contents out on line 525 (shutil.copyfileobj(fp, destfp)).
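The report above describes the trigger (two members with different leading path components defeat a "strip the common leading directory" heuristic, after which the member name is joined onto the destination unchecked) but shows no code. The following is an added, self-contained example written for this page, not pip's own untar_file: it builds a constructed two-member tar in memory, extracts it with a naive extractor that reproduces the vulnerable pattern, and then with a hardened extractor that resolves every target path and rejects members that would land outside the destination. The function names (`has_leading_dir`, `naive_untar`, `safe_untar`, `is_within`, `demo`) and the member names `pkg-1.0/setup.py` and `../escaped.txt` are this example's own assumptions.

```python
import io
import os
import shutil
import tarfile
import tempfile


def build_malicious_tar() -> bytes:
    # Constructed sample: the two members have different first path components.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in (
            ("pkg-1.0/setup.py", b"# benign file\n"),
            ("../escaped.txt", b"written outside the destination\n"),
        ):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def has_leading_dir(names) -> bool:
    # True only when every member shares one non-empty first path component.
    prefixes = set()
    for name in names:
        parts = name.split("/", 1)
        if len(parts) != 2 or not parts[0]:
            return False
        prefixes.add(parts[0])
    return len(prefixes) == 1


def _member_path(member, location, leading) -> str:
    fn = member.name.split("/", 1)[1] if leading else member.name
    return os.path.join(location, fn)


def _copy_out(tar, member, path) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with tar.extractfile(member) as fp, open(path, "wb") as destfp:
        shutil.copyfileobj(fp, destfp)


def naive_untar(data: bytes, location: str) -> list:
    # Vulnerable pattern: the member name is joined onto location as-is.
    written = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        members = tar.getmembers()
        leading = has_leading_dir([m.name for m in members])
        for member in members:
            path = _member_path(member, location, leading)
            if member.isdir():
                os.makedirs(path, exist_ok=True)
            elif member.isfile():
                _copy_out(tar, member, path)
                written.append(os.path.normpath(path))
    return written


def is_within(base: str, target: str) -> bool:
    # Resolve both sides so '..' and symlinks cannot fool a prefix check.
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return target == base or target.startswith(base + os.sep)


def safe_untar(data: bytes, location: str):
    # Hardened: reject members resolving outside location, and links (their
    # targets would need the same check).
    written, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        members = tar.getmembers()
        leading = has_leading_dir([m.name for m in members])
        for member in members:
            path = _member_path(member, location, leading)
            if not is_within(location, path) or member.issym() or member.islnk():
                rejected.append(member.name)
            elif member.isdir():
                os.makedirs(path, exist_ok=True)
            elif member.isfile():
                _copy_out(tar, member, path)
                written.append(member.name)
    return written, rejected


def demo() -> dict:
    # Run both extractors in fresh temp dirs; report where the crafted member went.
    data = build_malicious_tar()
    result = {}
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "dest")
        os.makedirs(dest)
        paths = naive_untar(data, dest)
        result["naive_escaped"] = sorted(
            os.path.relpath(p, root) for p in paths if not is_within(dest, p))
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "dest")
        os.makedirs(dest)
        result["safe_written"], result["safe_rejected"] = safe_untar(data, dest)
        result["safe_outside"] = sorted(n for n in os.listdir(root) if n != "dest")
    return result
```

Running `demo()` shows the naive extractor writing `escaped.txt` one level above its destination directory, while the hardened extractor writes only `pkg-1.0/setup.py` and reports `../escaped.txt` as rejected. The check is done on the resolved path rather than on the member name, so it also covers absolute names and names that only look clean until joined; member symlinks and hardlinks are refused outright here because their link targets would otherwise need the same containment check. Modern Python's tarfile extraction filters (`extractall(filter="data")`, available from 3.12 and in later 3.8 through 3.11 releases) perform this kind of validation for you when you let tarfile do the extraction instead of copying members out by hand.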