← Back to CVE List

CVE-2022-23531

Published: 2022-12-17T00:15Z
Last Modified: 2024-11-21T06:48Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt