mirror of https://github.com/python/cpython.git, synced 2026-05-09 14:11:28 -04:00
31d3836f26
The `Tools/ssl/multissltests.py` script may extract a possibly untrusted tarball. Since the script does not necessarily use Python 3.14 or later (where the `"data"` filter became the default `tarfile` extraction filter), the user may theoretically suffer from a path traversal attack. Although the script should not be used in production and usually relies on downloading trusted sources, the `"data"` extraction filter is now explicitly used wherever relevant.