Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary file write when scanning a specially-crafted local PyPI package
Vulnerability Description
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
相对路径遍历
Vulnerability Title
GuardDog 路径遍历漏洞
Vulnerability Description
GuardDog是GuardDog开源的一个 CLI 工具,允许识别恶意PyPI包。 GuardDog 0.1.5之前版本存在安全漏洞,该漏洞源于在扫描特制的本地PyPI包时容易受到相对路径遍历的攻击。
CVSS Information
N/A
Vulnerability Type
N/A