Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().

Browse source

Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

...

This commit is contained in:

Mariusz Felisiak 2021-01-22 12:23:18 +01:00

parent 6822aa5c6c

commit 05413afa8c

10 changed files with 77 additions and 5 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

BIN

tests/utils_tests/traversal_archives/traversal.tar Normal file

View file

Binary file not shown.

BIN

tests/utils_tests/traversal_archives/traversal_absolute.tar Normal file

View file

Binary file not shown.

BIN

tests/utils_tests/traversal_archives/traversal_disk_win.tar Normal file

View file

Binary file not shown.

BIN

tests/utils_tests/traversal_archives/traversal_disk_win.zip Normal file

View file

Binary file not shown.