Title: gh-146581: Fix vulnerability in shutil.unpack_archive() for ZIP files on Windows by serhiy-storchaka · Pull Request #146591 · python/cpython · GitHub
Open Graph Title: gh-146581: Fix vulnerability in shutil.unpack_archive() for ZIP files on Windows by serhiy-storchaka · Pull Request #146591 · python/cpython
X Title: gh-146581: Fix vulnerability in shutil.unpack_archive() for ZIP files on Windows by serhiy-storchaka · Pull Request #146591 · python/cpython
Description: Use ZipFile.extractall() to sanitize file names and extract files. Files with invalid names (e.g. absolute paths) are now skipped. Files containing ".." in the name are no longer skipped. Issue: gh-146581
Open Graph Description: Use ZipFile.extractall() to sanitize file names and extract files. Files with invalid names (e.g. absolute paths) are now skipped. Files containing ".." in the name are no longer skipped....
X Description: Use ZipFile.extractall() to sanitize file names and extract files. Files with invalid names (e.g. absolute paths) are now skipped. Files containing ".." in the name are no longer ...
Opengraph URL: https://github.com/python/cpython/pull/146591
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:57d70da9-29db-c520-dbbf-8b0c49f22321 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | 8D54:9B0A:EEAB69:15BAF30:6A561670 |
| html-safe-nonce | 06789d7fa1eb1819a079399d31bdafadf9abe9af2b050313846e3c3e855eef0c |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4RDU0OjlCMEE6RUVBQjY5OjE1QkFGMzA6NkE1NjE2NzAiLCJ2aXNpdG9yX2lkIjoiNTY3NDk0NDYyMzYxMDgyODQwMCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | e47a37fa4d6bb33a44aa40f559d025e08c32d059101db13b30241e9706e0a272 |
| hovercard-subject-tag | pull_request:3462223329 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/python/cpython/pull/146591/files |
| twitter:image | https://avatars.githubusercontent.com/u/3659035?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/3659035?s=400&v=4 |
| og:image:alt | Use ZipFile.extractall() to sanitize file names and extract files. Files with invalid names (e.g. absolute paths) are now skipped. Files containing ".." in the name are no longer skipped.... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | f4368738fc918fecd9b3958f6b49218bbe60d4185f38e72e3954e11f1ad0213a |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/python/cpython git https://github.com/python/cpython.git |
| octolytics-dimension-user_id | 1525981 |
| octolytics-dimension-user_login | python |
| octolytics-dimension-repository_id | 81598961 |
| octolytics-dimension-repository_nwo | python/cpython |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 81598961 |
| octolytics-dimension-repository_network_root_nwo | python/cpython |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | b76b9cc70d30da50674184c9c66c56423fd0b93c |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width