Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[3.9] gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) #104331

Merged
merged 1 commit into from
May 22, 2023

Conversation

miss-islington
Copy link
Contributor

@miss-islington miss-islington commented May 9, 2023

  • Fix directory traversal security flaw in uu.decode()
  • also check absolute paths and os.altsep
  • Add a regression test.

(cherry picked from commit 0aeda29)

Co-authored-by: Sam Carroll 70000253+samcarroll42@users.noreply.github.com
Co-authored-by: Gregory P. Smith greg@krypto.org [Google]

…ythonGH-104096)

* Fix directory traversal security flaw in uu.decode()
* also check absolute paths and os.altsep
* Add a regression test.

---------

(cherry picked from commit 0aeda29)

Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type-security A security issue
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants