2 matches found
PT-2024-10802 · Dotmesh · Dotmesh
Name of the Vulnerable Software and Affected Versions: Dotmesh versions 0.8.1 and prior Description: The issue is related to the unsafe handling of symbolic links in an unpacking routine, which may enable attackers to read and/or write to arbitrary locations outside the designated target folder...
GitHub Security Lab: [Python] Unsafe unpacking using shutil.unpack_archive() query and tests
Vulnerability description not provided...