]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: afe7703) | patch
gh-99889: Fix directory traversal security flaw in uu.decode() (#104096)
authorSam Carroll <70000253+samcarroll42@users.noreply.github.com>
Tue, 9 May 2023 16:01:58 +0000 (12:01 -0400)
committerGitHub <noreply@github.com>
Tue, 9 May 2023 16:01:58 +0000 (16:01 +0000)
commit0aeda297931820436a50b78f4f7f0597274b5df4
treee6e76aaf7522cb14fd43aaea46b323c71d36c4aatree | snapshot
parentafe7703744f813adb15719642444b5fd35888d86commit | diff
gh-99889: Fix directory traversal security flaw in uu.decode() (#104096)

* Fix directory traversal security flaw in uu.decode()
* also check absolute paths and os.altsep
* Add a regression test.

---------

Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]
Lib/test/test_uu.py diff | blob | blame | history
Lib/uu.py [changed mode: 0755->0644] diff | blob | blame | history
Misc/NEWS.d/next/Security/2023-05-02-17-56-32.gh-issue-99889.l664SU.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git