Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service via crafted zip file in jaraco/zipp
Vulnerability Description
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
CVSS Information
N/A
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
zipp 资源管理错误漏洞
Vulnerability Description
zipp是Jason R. Coombs个人开发者的一个与 pathlib 兼容的 Zipfile 对象包装器。 zipp 3.19.1之前版本存在资源管理错误漏洞,该漏洞源于特制zip文件会导致无限循环,进而导致拒绝服务(DoS)。
CVSS Information
N/A
Vulnerability Type
N/A