[issue21109] tarfile: Traversal attack vulnerability

Tal Einat report at bugs.python.org
Mon Aug 27 15:09:47 EDT 2018


Tal Einat <taleinat at gmail.com> added the comment:

Lars, a huge +1 from me for your suggested approach and patch.  I'd like to work this into a review-ready PR.

The patch is a great step forward but still a ways from being ready for a PR: It is missing tests entirely and there are still several important methods of SafeTarFile which don't use the safety logic, e.g. next() and getmembers().

Lars, would you be interested in continuing to work on this?

----------
nosy: +taleinat
versions: +Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue21109>
_______________________________________
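
The coverage gap raised in the comment above, shown as an added example (not the patch under review and not SafeTarFile's code): in CPython's tarfile, both iteration and getmembers() read headers through next(), so a check placed there covers both listing paths. CheckedTarFile, UnsafeMemberError, is_unsafe, build_sample and read_names are hypothetical names, and the name check is deliberately conservative.

```python
import io
import tarfile


class UnsafeMemberError(tarfile.TarError):
    """Raised when a member name or link target could leave the extraction root."""


def _escapes(path):
    # Absolute paths and any ".." component are rejected (conservative check).
    parts = path.replace("\\", "/").split("/")
    return path.startswith(("/", "\\")) or ".." in parts


def is_unsafe(info):
    if _escapes(info.name):
        return True
    # Symlinks and hard links get the same check on their target.
    return (info.issym() or info.islnk()) and _escapes(info.linkname)


class CheckedTarFile(tarfile.TarFile):
    """Hypothetical subclass: validate in next(), the shared header-read path."""

    def next(self):
        info = super().next()
        if info is not None and is_unsafe(info):
            raise UnsafeMemberError("unsafe member name: %r" % info.name)
        return info


def build_sample(names):
    # Constructed in-memory archive holding empty members with the given names.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            tf.addfile(tarfile.TarInfo(name))
    buf.seek(0)
    return buf


def read_names(names, use_iter=False):
    # Returns the member names, or None if the archive was rejected.
    try:
        with CheckedTarFile.open(fileobj=build_sample(names), mode="r:") as tf:
            members = list(tf) if use_iter else tf.getmembers()
            return [m.name for m in members]
    except UnsafeMemberError:
        return None
```

A test suite for such a class would exercise every public entry point this way, since a check that only guards extract() leaves callers of getmembers() and iteration handling unvalidated names.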

