guarddog 0.1.4

Direct Vulnerabilities

Known vulnerabilities in the guarddog package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Directory Traversal guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Directory Traversal via the `safe_extract` function. An attacker can overwrite arbitrary files and potentially execute code by crafting a malicious archive with path traversal filenames that are extracted outside the intended directory. How to fix Directory Traversal? Upgrade `guarddog` to version 2.7.1 or higher.	[,2.7.1)
H Improper Handling of Highly Compressed Data (Data Amplification) guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the `safe_extract` function. An attacker can exhaust disk space and disrupt services by submitting a specially crafted ZIP archive with highly compressed data, leading to resource exhaustion during extraction. How to fix Improper Handling of Highly Compressed Data (Data Amplification)? Upgrade `guarddog` to version 2.7.1 or higher.	[,2.7.1)
M Directory Traversal guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Directory Traversal when using `shutil.unpack_archive()` from a remotely retrieved tarball. It can lead to writing the extracted file to an unintended destination. How to fix Directory Traversal? Upgrade `guarddog` to version 0.1.8 or higher.	[,0.1.8)
M Arbitrary File Write via Archive Extraction (Zip Slip) guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the `extract` and `extractall` functions in the `tarfile` module, allows user-assisted remote attackers to overwrite arbitrary files. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade `guarddog` to version 0.1.5 or higher.	[,0.1.5)

Vulnerability

Vulnerable Version

Directory Traversal

guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages

Affected versions of this package are vulnerable to Directory Traversal via the safe_extract function. An attacker can overwrite arbitrary files and potentially execute code by crafting a malicious archive with path traversal filenames that are extracted outside the intended directory.

How to fix Directory Traversal?

Upgrade guarddog to version 2.7.1 or higher.

[,2.7.1)

Improper Handling of Highly Compressed Data (Data Amplification)

guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the safe_extract function. An attacker can exhaust disk space and disrupt services by submitting a specially crafted ZIP archive with highly compressed data, leading to resource exhaustion during extraction.

How to fix Improper Handling of Highly Compressed Data (Data Amplification)?

Upgrade guarddog to version 2.7.1 or higher.

[,2.7.1)

Directory Traversal

guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages

Affected versions of this package are vulnerable to Directory Traversal when using shutil.unpack_archive() from a remotely retrieved tarball. It can lead to writing the extracted file to an unintended destination.

How to fix Directory Traversal?

Upgrade guarddog to version 0.1.8 or higher.

[,0.1.8)

Arbitrary File Write via Archive Extraction (Zip Slip)

guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the extract and extractall functions in the tarfile module, allows user-assisted remote attackers to overwrite arbitrary files.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade guarddog to version 0.1.5 or higher.

[,0.1.5)

guarddog@0.1.4

GuardDog is a CLI tool for identifying malicious open source packages

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically