Skip to content

tarfile.extractall(filter='data') allows symlink escape through hardlink-extraction fallback #151558

Open
Open
tarfile.extractall(filter='data') allows symlink escape through hardlink-extraction fallback#151558
Assignees
StanFromIreland
Labels
3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.14bugs and security fixes3.15pre-release feature fixes, bugs and security fixes3.16new features, bugs and security fixesstdlibStandard Library Python modules in the Lib/ directorytype-securityA security issue
@StanFromIreland

Description

@StanFromIreland
StanFromIreland
opened on Jun 16, 2026

More details to follow - patience is bitter, but its fruit is sweet. ;-)

Linked PRs

Metadata

Metadata

Assignees

Labels

3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.14bugs and security fixes3.15pre-release feature fixes, bugs and security fixes3.16new features, bugs and security fixesstdlibStandard Library Python modules in the Lib/ directorytype-securityA security issue

Fields

No fields configured for issues without a type.

Projects

Tarfile issues
Status
No status

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions