CNNVD-202601-1964 Information

CNNVD ID

CNNVD-202601-1964

CVE ID

CVE-2026-22870

  • CNNVD Published: 2026-01-13

Description (Chinese, translated)

GuardDog is an open-source CLI tool from GuardDog for identifying malicious PyPI packages. GuardDog versions before 2.7.1 contain a security vulnerability: the safe_extract() function does not validate the decompressed size of extracted files, which can allow a denial-of-service attack via a zip bomb.

Description (English)

GuardDog is a CLI tool for identifying malicious PyPI packages. GuardDog versions before 2.7.1 are vulnerable because the safe_extract() function did not validate the decompressed size of the archive members it extracts. A crafted package archive with an extreme compression ratio (a zip bomb) can therefore expand to exhaust disk space or memory when GuardDog unpacks it for scanning, resulting in a denial of service. The issue is addressed in GuardDog 2.7.1.
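The following is an added illustration of the vulnerability class the advisory describes, written for this page; it is not GuardDog's code and does not reproduce its safe_extract() implementation. It puts an unchecked extraction beside a hardened one that enforces a per-member and a total decompressed-size cap, first on the sizes the archive declares and then on the bytes actually produced, since the central directory is attacker-controlled. The limit values, the function names, and the constructed zero-filled sample archive are all assumptions for the example.

```python
"""Illustrative safe_extract() with decompressed-size limits (example code, not GuardDog's)."""
import io
import os
import tempfile
import zipfile

MIB = 1024 * 1024
# Arbitrary illustrative limits (assumptions for this example, not GuardDog's values).
DEFAULT_MAX_TOTAL = 50 * MIB
DEFAULT_MAX_MEMBER = 10 * MIB


class ExtractionLimitExceeded(Exception):
    """Raised when extracting an archive would exceed a configured size limit."""


def build_highly_compressible_zip(member_name: str, uncompressed_size: int) -> bytes:
    """Constructed sample input: a single DEFLATE member made of zero bytes.

    Runs of zeros compress at roughly 1000:1, so a few KiB of archive expands to
    MiB of output. That is the shape of a simple zip bomb.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, b"\0" * uncompressed_size)
    return buf.getvalue()


def unchecked_extract(zip_bytes: bytes, dest: str) -> None:
    """The vulnerable pattern: extract everything, trusting whatever the archive declares."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)


def checked_extract(zip_bytes: bytes, dest: str,
                    max_total: int = DEFAULT_MAX_TOTAL,
                    max_member: int = DEFAULT_MAX_MEMBER,
                    chunk_size: int = 64 * 1024) -> int:
    """Hardened pattern. Returns the number of bytes actually written.

    Guard 1: reject on declared sizes before touching the disk. The central
             directory is attacker-controlled, so this is cheap but not sufficient.
    Guard 2: refuse members whose path would land outside dest (zip-slip).
    Guard 3: count bytes as they are produced and abort once a limit is crossed,
             so a lying header cannot bypass guard 1.
    """
    dest_real = os.path.realpath(dest)
    written = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        declared_total = sum(info.file_size for info in infos)
        if declared_total > max_total:
            raise ExtractionLimitExceeded(
                f"declared total {declared_total} bytes exceeds limit {max_total}")
        for info in infos:
            if info.file_size > max_member:
                raise ExtractionLimitExceeded(
                    f"{info.filename}: declared {info.file_size} bytes exceeds limit {max_member}")
        for info in infos:
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"{info.filename}: path escapes destination directory")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            member_written = 0
            with zf.open(info) as src, open(target, "wb") as dst:
                while True:
                    chunk = src.read(chunk_size)
                    if not chunk:
                        break
                    member_written += len(chunk)
                    written += len(chunk)
                    if member_written > max_member or written > max_total:
                        raise ExtractionLimitExceeded(
                            f"{info.filename}: output exceeded a size limit during extraction")
                    dst.write(chunk)
    return written


def demo() -> dict:
    """Build a small bomb and run it through checked_extract() with two limit settings."""
    bomb = build_highly_compressible_zip("payload.bin", 4 * MIB)
    result = {"archive_bytes": len(bomb)}
    with tempfile.TemporaryDirectory() as d:
        try:
            checked_extract(bomb, d, max_total=1 * MIB, max_member=1 * MIB)
            result["rejected_at_1mib"] = False
        except ExtractionLimitExceeded:
            result["rejected_at_1mib"] = True
    with tempfile.TemporaryDirectory() as d:
        result["written_at_8mib"] = checked_extract(bomb, d, max_total=8 * MIB, max_member=8 * MIB)
        result["output_file_size"] = os.path.getsize(os.path.join(d, "payload.bin"))
    return result


if __name__ == "__main__":
    print(demo())
```

Running the module shows a few KiB of archive being refused under a 1 MiB cap and fully extracted (4 MiB written) under an 8 MiB cap. The declared-size check alone is not enough: Python's zipfile stops reading at the declared member size, but other archive libraries and formats do not, which is why the byte counter in the extraction loop is kept even though it looks redundant here.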

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

GuardDog

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/DataDog/guarddog/commit/c3fb07b4838945f42497e78b7a02bcfb1e63969b
https://github.com/DataDog/guarddog/security/advisories/GHSA-ffj4-jq7m-9g6v
https://access.redhat.com/security/cve/cve-2026-22870

Patch

https://github.com/DataDog/guarddog/releases
