Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS
Vulnerability Description
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data. This vulnerability is fixed in 2.7.1.
CVSS Information
N/A
Vulnerability Type
对高度压缩数据的处理不恰当(数据放大攻击)
Vulnerability Title
GuardDog 安全漏洞
Vulnerability Description
GuardDog是GuardDog开源的一个 CLI 工具,允许识别恶意PyPI包。 GuardDog 2.7.1之前版本存在安全漏洞,该漏洞源于safe_extract()函数未验证解压缩文件大小,可能导致通过zip炸弹进行拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A