[issue21109] tarfile: Traversal attack vulnerability

2019-02-08 Thread uhei3nn9
uhei3nn9 added the comment:

Is there any update on this? Will this be fixed in the next release? Having a code execution vulnerability (yes it is!) in Python for 5 years does not really spark confidence...

nosy: +uhei3nn9

[issue35909] Zip Slip Vulnerability

2019-02-06 Thread uhei3nn9
New submission from uhei3nn9:

As has been discovered in 06.2018, the Python library is affected by the zip slip vulnerability (meaning code execution). The affected section https://github.com/python/cpython/blob/3.7/Lib/tarfile.py has not been patched since then. Therefore it seems python