CVE-2026-22871
- EPSS 0.58%
- Published 13.01.2026 20:46:57
- Last modified 21.01.2026 18:46:57
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extract...
CVE-2026-22870
- EPSS 0.05%
- Published 13.01.2026 20:43:43
- Last modified 21.01.2026 18:47:48
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service throug...
CVE-2022-23531
- EPSS 0.15%
- Published 17.12.2022 00:15:08
- Last modified 21.11.2024 06:48:45
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an atta...
CVE-2022-23530
- EPSS 0.81%
- Published 16.12.2022 23:15:09
- Last modified 21.11.2024 06:48:45
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malic...
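The four advisories above describe two failure modes of archive extraction in a package scanner: a member name that escapes the destination directory (CVE-2022-23530, CVE-2022-23531, CVE-2026-22871) and decompressed output that is never bounded (CVE-2026-22870). The Python below is an added example showing both checks side by side; it is not GuardDog's code and does not reproduce its safe_extract() function. The archives it builds are constructed in memory for the demonstration, and the limits (256 MiB per extraction, a 100:1 compression ratio) are assumed defaults, not values taken from the project.

```python
"""Added example: hardened ZIP extraction that rejects path traversal,
absolute names, symlink entries and decompression bombs.  Not GuardDog's
code; the size limits are assumed defaults for the demonstration."""
import io
import os
import stat
import tempfile
import zipfile

CHUNK = 64 * 1024


class UnsafeArchive(Exception):
    """A member would escape the destination directory or exceed a size limit."""


def target_path(dest_real: str, member_name: str) -> str:
    """Map a member name onto dest_real, raising if it would land outside it."""
    name = member_name.replace("\\", "/")            # names written on Windows
    if not name or name.startswith("/") or ":" in name.split("/")[0]:
        raise UnsafeArchive(f"absolute member name: {member_name!r}")
    candidate = os.path.realpath(os.path.join(dest_real, name))
    # realpath() collapses '..' and follows symlinks already present under
    # dest, so a prefix test on the *resolved* path is the check that counts.
    if not candidate.startswith(dest_real + os.sep):
        raise UnsafeArchive(f"path traversal: {member_name!r}")
    return candidate


def copy_limited(src, dst, remaining: int) -> int:
    """Copy src to dst, raising once the decompressor has produced more than
    `remaining` bytes.  Counts real output, not what the ZIP header claims."""
    written = 0
    while chunk := src.read(CHUNK):
        written += len(chunk)
        if written > remaining:
            raise UnsafeArchive("decompressed size exceeds limit")
        dst.write(chunk)
    return written


def safe_extract(archive: bytes, dest: str, *, max_total: int = 256 << 20,
                 max_ratio: int = 100) -> list[str]:
    """Extract an in-memory ZIP into dest; return the member names written."""
    os.makedirs(dest, exist_ok=True)
    dest_real = os.path.realpath(dest)
    budget, names = max_total, []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = target_path(dest_real, info.filename)     # check first
            if stat.S_ISLNK(info.external_attr >> 16):
                raise UnsafeArchive(f"symlink member: {info.filename!r}")
            # Header-declared sizes: a cheap first line against bombs.
            if info.file_size > budget:
                raise UnsafeArchive(f"declared size of {info.filename!r} exceeds budget")
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                raise UnsafeArchive(f"compression ratio of {info.filename!r} too high")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                budget -= copy_limited(src, dst, budget)   # enforce on real output
            names.append(info.filename)
    return names


def scan_result(archive: bytes, **limits) -> str:
    """Extract into a throw-away directory and report the outcome as text."""
    with tempfile.TemporaryDirectory() as tmp:
        try:
            return f"ok: {len(safe_extract(archive, tmp, **limits))} members"
        except UnsafeArchive as err:
            return f"rejected: {err}"


def build_sample(kind: str) -> bytes:
    """Constructed archives for the demo; none of them is a real PyPI package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        if kind == "benign":
            zf.writestr("pkg/__init__.py", "VERSION = '1.0'\n")
            zf.writestr("pkg/data/notes.txt", "hello\n")
        elif kind == "traversal":
            zf.writestr("../../escape.txt", "owned\n")
        elif kind == "absolute":
            zf.writestr("/etc/cron.d/job", "* * * * * root id\n")
        elif kind == "symlink":
            link = zipfile.ZipInfo("pkg/link")
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "../../outside")
        elif kind == "bomb":
            zf.writestr("zeros.bin", b"\0" * (1 << 20))    # ~1000:1 under deflate
    return buf.getvalue()


def demo() -> dict[str, str]:
    results = {k: scan_result(build_sample(k))
               for k in ("benign", "traversal", "absolute", "symlink", "bomb")}
    try:   # streamed check on its own: 1000 real bytes against a 500-byte budget
        copy_limited(io.BytesIO(b"x" * 1000), io.BytesIO(), 500)
        results["stream"] = "ok"
    except UnsafeArchive as err:
        results["stream"] = f"rejected: {err}"
    return results


if __name__ == "__main__":
    for kind, outcome in demo().items():
        print(f"{kind:10} {outcome}")
```

Two design points matter here. The traversal test runs on the resolved path (realpath of the joined name) rather than on the raw member name, so "a/../../x", a backslash-separated name and a symlink already sitting under the destination are all caught by one comparison. The size limit is enforced twice: the header-declared sizes give a cheap rejection for obvious bombs, but the byte count in copy_limited() is what actually bounds disk use, because the header can lie about file_size.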