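Vulnerability Information
Although we use advanced large language model technology, its output may still contain inaccurate or outdated information. Shenlong strives to ensure the accuracy of its data, but please verify and judge it against your actual situation.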
Vulnerability Title
GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS
Vulnerability Description
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data. This vulnerability is fixed in 2.7.1.
CVSS Information
N/A
Vulnerability Type
Improper Handling of Highly Compressed Data (Data Amplification)
Vulnerability Title
GuardDog Security Vulnerability
Vulnerability Description
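GuardDog is a CLI tool, open-sourced by GuardDog, that allows identification of malicious PyPI packages. Versions of GuardDog prior to 2.7.1 contain a security vulnerability: the safe_extract() function does not validate decompressed file sizes, which may allow denial of service through zip bombs.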
CVSS Information
N/A
Vulnerability Type
N/A
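The missing check described above, validating decompressed size while extracting a ZIP-based package, can be sketched as follows. This is an added example, not GuardDog's code or its 2.7.1 fix; the names `bounded_extract`, `ArchiveTooLarge`, `make_constructed_sample` and the byte limits are assumptions chosen for illustration.

```python
import os
import tempfile
import zipfile

class ArchiveTooLarge(Exception):
    """Raised when an archive would expand past the configured byte budget."""

def bounded_extract(zip_path, dest, max_total=50 * 1024 * 1024, chunk=64 * 1024):
    """Extract zip_path into dest, writing at most max_total decompressed bytes."""
    dest_root = os.path.realpath(dest)
    written = 0
    with zipfile.ZipFile(zip_path) as zf:
        members = zf.infolist()
        # Early reject on the sizes declared in the archive's own headers.
        if sum(m.file_size for m in members) > max_total:
            raise ArchiveTooLarge("declared uncompressed size exceeds limit")
        for m in members:
            target = os.path.realpath(os.path.join(dest_root, m.filename))
            # Writing members by hand skips extract()'s name handling, so check the path.
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise ValueError(f"member path escapes destination: {m.filename}")
            if m.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(m) as src, open(target, "wb") as out:
                while buf := src.read(chunk):
                    written += len(buf)
                    # Enforced budget: counts bytes actually produced, across all members.
                    if written > max_total:
                        raise ArchiveTooLarge("decompressed data exceeds limit")
                    out.write(buf)
    return written

def make_constructed_sample(path, payload_bytes):
    """Constructed test input: a single member of zero bytes, which deflates very well."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pkg/data.bin", b"\0" * payload_bytes)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "sample.whl")
        make_constructed_sample(sample, 8 * 1024 * 1024)
        print(os.path.getsize(sample), "compressed bytes on disk")
        try:
            bounded_extract(sample, os.path.join(d, "out"), max_total=1024 * 1024)
        except ArchiveTooLarge as exc:
            print("rejected:", exc)
```

Extract into a scratch directory that is deleted on failure, since a rejected archive can leave a partially written file behind.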