wasm-micro-runtime

mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-10-31 13:17:31 +00:00

History

TrellixVulnTeam 7ad3412591 Adding tarfile member sanitization to extractall() (#1709 ) Fix a widespread bug named CVE-2007-4559, which is a 15 year old bug in the Python tarfile package. By using extract() or extractall() on a tarfile object without sanitizing input, a maliciously crafted .tar file could perform a directory path traversal attack. This patch essentially checks to see if all tarfile members will be extracted safely and throws an exception otherwise.	2022-11-17 11:52:30 +08:00
..
patches	Implement SIMD latest opcodes and update LLVM to 13.0 (#758 )	2021-09-17 19:12:57 +08:00
build_wasi_sdk.py	Adding tarfile member sanitization to extractall() (#1709 )	2022-11-17 11:52:30 +08:00

TrellixVulnTeam 7ad3412591

Adding tarfile member sanitization to extractall() (#1709 )

Fix a widespread bug named CVE-2007-4559, which is a 15 year old bug
in the Python tarfile package. By using extract() or extractall() on a tarfile
object without sanitizing input, a maliciously crafted .tar file could
perform a directory path traversal attack. This patch essentially checks to
see if all tarfile members will be extracted safely and throws an exception
otherwise.

2022-11-17 11:52:30 +08:00

patches

Implement SIMD latest opcodes and update LLVM to 13.0 (#758 )

2021-09-17 19:12:57 +08:00

build_wasi_sdk.py

Adding tarfile member sanitization to extractall() (#1709 )

2022-11-17 11:52:30 +08:00