Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2022-23531: GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. | CVSS3: 5.8 | 0% Low | about 3 years ago |
| GHSA-rp2v-v467-q9vq: GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package | CVSS3: 5.8 | 0% Low | about 3 years ago |