CNNVD-202601-1963 Information

CNNVD ID

CNNVD-202601-1963

CVE-2026-22871

  • CNNVD Published: 2026-01-13

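Description (translated from Chinese)

GuardDog is an open-source CLI tool from GuardDog that allows the identification of malicious PyPI packages. Versions of GuardDog before 2.7.1 contain a path traversal vulnerability, which stems from a path traversal in the safe_extract() function and may lead to arbitrary file overwrite and remote code execution.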

Description (English)

GuardDog is a CLI tool that allows the identification of malicious PyPI packages. Versions of GuardDog before 2.7.1 have a path traversal vulnerability that originates in the safe_extract() function, which may lead to arbitrary file overwrite and remote code execution.

Hazard Level

Low

Vulnerability Type

Path traversal

Affected Vendor

GuardDog

Published

2026-01-13

Last Modified

2026-02-24

References

  • https://github.com/DataDog/guarddog/security/advisories/GHSA-xg9w-vg3g-6m68
  • https://github.com/DataDog/guarddog/commit/9aa6a725b2c71d537d3c18d1c15621395ebb879c
  • https://access.redhat.com/security/cve/cve-2026-22871

Patch

https://github.com/DataDog/guarddog/releases
