René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Directory traversal in uu module / uu.decode","articleBody":"# Bug report\r\n\r\nThe function uu.decode is vulnerable to trivial directory traversal if no output filename is given. An uu-encoded file with a path starting with a repetition of ../../ or a / allows writing a file to an arbitrary location on the filesystem. \r\n\r\nI reported this to security@python.org and was asked to report it publicly as the function is rarely used and removal is planned anyway for Python 3.13.\r\n\r\n# Your environment\r\n\r\nCPython versions tested on: 3.10.8\r\nOperating system and architecture: Linux\r\n\r\n# example files\r\n\r\nCase 1:\r\n```\r\nbegin 644 ../../../../../../../../tmp/test1\r\n$86)C\"@``\r\n`\r\nend\r\n```\r\n\r\nCase 2:\r\n```\r\nbegin 644 /tmp/test2\r\n$86)C\"@``\r\n`\r\nend\r\n```\n\n\u003c!-- gh-linked-prs --\u003e\n### Linked PRs\n* gh-104096\n* gh-104329\n* gh-104330\n* gh-104331\n* gh-104332\n* gh-104333\n\u003c!-- /gh-linked-prs --\u003e\n","author":{"url":"https://github.com/hannob","@type":"Person","name":"hannob"},"datePublished":"2022-11-30T07:50:33.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/99889/cpython/issues/99889"}