Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[3.7] gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) #104333

Merged
merged 2 commits into from
May 27, 2023

Conversation

miss-islington
Copy link
Contributor

@miss-islington miss-islington commented May 9, 2023

  • Fix directory traversal security flaw in uu.decode()
  • also check absolute paths and os.altsep
  • Add a regression test.

(cherry picked from commit 0aeda29)

Co-authored-by: Sam Carroll 70000253+samcarroll42@users.noreply.github.com
Co-authored-by: Gregory P. Smith greg@krypto.org [Google]

…ythonGH-104096)

* Fix directory traversal security flaw in uu.decode()
* also check absolute paths and os.altsep
* Add a regression test.

---------

(cherry picked from commit 0aeda29)

Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]
@ned-deily ned-deily merged commit 1ce801b into python:3.7 May 27, 2023
@miss-islington miss-islington deleted the backport-0aeda29-3.7 branch May 27, 2023 07:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type-security A security issue
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants