René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"tarfile: Traversal attack vulnerability","articleBody":"BPO | [21109](https://bugs.python.org/issue21109)\n--- | :---\nNosy | @birkenfeld, @jcea, @gustaebel, @vstinner, @taleinat, @tiran, @benjaminp, @jwilk, @ned-deily, @vadmium, @serhiy-storchaka, @psyker156, @shanxS, @epicfaace, @websurfer5\nPRs | \u003cli\u003epython/cpython#15244\u003c/li\u003e\nDependencies | \u003cli\u003ebpo-17102: tarfile extract can write files outside the destination path\u003c/li\u003e\u003cli\u003ebpo-29788: [Security] tarfile: Add absolute_path option to tarfile, disabled by default\u003c/li\u003e\nFiles | \u003cli\u003e[prevent-tar-traversal-attack.diff](https://bugs.python.org/file34676/prevent-tar-traversal-attack.diff \"Uploaded as text/plain at 2014-03-31.08:14:17 by Daniel.Garcia\"): patch to prevent\u003c/li\u003e\u003cli\u003e[safetarfile-1.diff](https://bugs.python.org/file35127/safetarfile-1.diff \"Uploaded as text/plain at 2014-05-01.12:12:08 by @gustaebel\"): New SafeTarFile class and documentation\u003c/li\u003e\u003cli\u003e[safetarfile-2.diff](https://bugs.python.org/file47800/safetarfile-2.diff \"Uploaded as text/plain at 2018-09-13.04:03:14 by @shanxS\")\u003c/li\u003e\u003cli\u003e[safetarfile-3.diff](https://bugs.python.org/file47803/safetarfile-3.diff \"Uploaded as text/plain at 2018-09-14.07:21:53 by @shanxS\")\u003c/li\u003e\u003cli\u003e[safetarfile-4.diff](https://bugs.python.org/file47826/safetarfile-4.diff \"Uploaded as text/plain at 2018-09-26.07:18:06 by @shanxS\")\u003c/li\u003e\n\n\u003csup\u003e*Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.*\u003c/sup\u003e\n\n\u003cdetails\u003e\u003csummary\u003eShow more details\u003c/summary\u003e\u003cp\u003e\n\nGitHub fields:\n```python\nassignee = 'https://github.com/gustaebel'\nclosed_at = None\ncreated_at = \u003cDate 2014-03-31.08:14:19.090\u003e\nlabels = ['type-security', 'library', '3.9']\ntitle = 'tarfile: Traversal attack vulnerability'\nupdated_at = \u003cDate 2021-02-27.08:56:06.564\u003e\nuser = 'https://bugs.python.org/DanielGarcia'\n```\n\nbugs.python.org fields:\n```python\nactivity = \u003cDate 2021-02-27.08:56:06.564\u003e\nactor = 'vstinner'\nassignee = 'lars.gustaebel'\nclosed = False\nclosed_date = None\ncloser = None\ncomponents = ['Library (Lib)']\ncreation = \u003cDate 2014-03-31.08:14:19.090\u003e\ncreator = 'Daniel.Garcia'\ndependencies = ['17102', '29788']\nfiles = ['34676', '35127', '47800', '47803', '47826']\nhgrepos = []\nissue_num = 21109\nkeywords = ['patch', 'security_issue']\nmessage_count = 35.0\nmessages = ['215222', '215223', '215224', '215225', '215226', '215237', '215239', '215242', '215656', '215658', '216675', '217188', '217189', '217690', '277339', '289438', '324193', '324198', '324262', '324908', '325229', '325329', '325491', '325607', '325635', '326423', '326437', '327451', '327458', '334921', '335078', '335292', '349517', '349583', '387772']\nnosy_count = 19.0\nnosy_names = ['georg.brandl', 'jcea', 'lars.gustaebel', 'vstinner', 'taleinat', 'christian.heimes', 'benjamin.peterson', 'jwilk', 'ned.deily', 'Arfrever', 'martin.panter', 'serhiy.storchaka', 'edulix', 'Daniel.Garcia', 'Philippe.Godbout', 'shanxS', 'epicfaace', 'uhei3nn9', 'Jeffrey.Kintscher']\npr_nums = ['15244']\npriority = 'high'\nresolution = None\nstage = 'patch review'\nstatus = 'open'\nsuperseder = None\ntype = 'security'\nurl = 'https://bugs.python.org/issue21109'\nversions = ['Python 3.9']\n```\n\n\u003c/p\u003e\u003c/details\u003e\n","author":{"url":"https://github.com/DanielGarcia","@type":"Person","name":"DanielGarcia"},"datePublished":"2014-03-31T08:14:19.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":39},"url":"https://github.com/65308/cpython/issues/65308"}