2 matches found
pip security vulnerability
pip is a Python package installer open-sourced by the Python Packaging Authority. A security vulnerability exists in pip that stems from a failure to check whether symbolic links point to extracted directories, which could lead to a path traversal attack...
CVE-2021-32803
The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted...