wasm-micro-runtime/test-tools
TrellixVulnTeam 7ad3412591
Adding tarfile member sanitization to extractall() (#1709)
Fix a widespread bug named CVE-2007-4559, which is a 15 year old bug
in the Python tarfile package. By using extract() or extractall() on a tarfile
object without sanitizing input, a maliciously crafted .tar file could
perform a directory path traversal attack. This patch essentially checks to
see if all tarfile members will be extracted safely and throws an exception
otherwise.
2022-11-17 11:52:30 +08:00
..
binarydump-tool Enhance cmake makefiles (#1390) 2022-08-18 16:27:01 +08:00
build-wasi-sdk Adding tarfile member sanitization to extractall() (#1709) 2022-11-17 11:52:30 +08:00
component-test Fix syntax errors and undefined names in Python code (#1515) 2022-09-27 15:57:08 +08:00
host-tool Enhance cmake makefiles (#1390) 2022-08-18 16:27:01 +08:00
IoT-APP-Store-Demo Fix syntax errors and undefined names in Python code (#1515) 2022-09-27 15:57:08 +08:00
wamr-ide Add CIs to release new version and publish binary files (#1648) 2022-10-28 13:55:41 +08:00
.gitignore Implement SIMD latest opcodes and update LLVM to 13.0 (#758) 2021-09-17 19:12:57 +08:00