tarfile: Traversal attack vulnerability

BPO 21109
Nosy @birkenfeld, @jcea, @gustaebel, @vstinner, @taleinat, @tiran, @benjaminp, @jwilk, @ned-deily, @vadmium, @serhiy-storchaka, @psyker156, @shanxS, @epicfaace, @websurfer5
PRs bpo-21109: Add SafeTarFile #15244
Dependencies
- bpo-17102: tarfile extract can write files outside the destination path
- bpo-29788: [Security] tarfile: Add absolute_path option to tarfile, disabled by default

Files
- prevent-tar-traversal-attack.diff: patch to prevent
- safetarfile-1.diff: New SafeTarFile class and documentation
- safetarfile-2.diff
- safetarfile-3.diff
- safetarfile-4.diff

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

GitHub fields:

assignee = 'https://github.com/gustaebel'
closed_at = None
created_at = <Date 2014-03-31.08:14:19.090>
labels = ['type-security', 'library', '3.9']
title = 'tarfile: Traversal attack vulnerability'
updated_at = <Date 2021-02-27.08:56:06.564>
user = 'https://bugs.python.org/DanielGarcia'

bugs.python.org fields:

activity = <Date 2021-02-27.08:56:06.564>
actor = 'vstinner'
assignee = 'lars.gustaebel'
closed = False
closed_date = None
closer = None
components = ['Library (Lib)']
creation = <Date 2014-03-31.08:14:19.090>
creator = 'Daniel.Garcia'
dependencies = ['17102', '29788']
files = ['34676', '35127', '47800', '47803', '47826']
hgrepos = []
issue_num = 21109
keywords = ['patch', 'security_issue']
message_count = 35.0
messages = ['215222', '215223', '215224', '215225', '215226', '215237', '215239', '215242', '215656', '215658', '216675', '217188', '217189', '217690', '277339', '289438', '324193', '324198', '324262', '324908', '325229', '325329', '325491', '325607', '325635', '326423', '326437', '327451', '327458', '334921', '335078', '335292', '349517', '349583', '387772']
nosy_count = 19.0
nosy_names = ['georg.brandl', 'jcea', 'lars.gustaebel', 'vstinner', 'taleinat', 'christian.heimes', 'benjamin.peterson', 'jwilk', 'ned.deily', 'Arfrever', 'martin.panter', 'serhiy.storchaka', 'edulix', 'Daniel.Garcia', 'Philippe.Godbout', 'shanxS', 'epicfaace', 'uhei3nn9', 'Jeffrey.Kintscher']
pr_nums = ['15244']
priority = 'high'
resolution = None
stage = 'patch review'
status = 'open'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue21109'
versions = ['Python 3.9']