CNNVD-202601-3315 Information
CNNVD ID
CNNVD-202601-3315
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
jaraco.context是Jason R. Coombs个人开发者的一个Python库。 jaraco.context 5.2.0版本至6.1.0之前版本存在路径遍历漏洞,该漏洞源于tarball函数存在Zip Slip路径遍历,可能导致提取恶意tar存档时文件被提取到预期目录之外。
Description (English)
Jaraco.context is a Python library of Jason R. Coombs’ personal developers. Jaraco.context. Version 5.2.00 to 6.1.0 has a loophole in the path from the tarball function to the Zip Slip path, which could lead to the extraction of files outside the expected directory when the malicious tar is archived.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
个人开发者
Published
2026-01-20
Last Modified
2026-02-24
References
https://github.com/jaraco/jaraco.context/blob/main/jaraco/context/init.py#L74-L91 https://github.com/jaraco/jaraco.context/commit/7b26a42b525735e4085d2e994e13802ea339d5f9 https://github.com/jaraco/jaraco.context/security/advisories/GHSA-58pv-8j8x-9vj2 https://github.com/pypa/setuptools/blob/main/setuptools/_vendor/jaraco/context.py#L55-L76
Patch
https://github.com/jaraco/jaraco.context/releases
Share on: