Homepage

guarddog@2.7.0 vulnerabilities

GuardDog is a CLI tool for identifying malicious open source packages

  • latest version

    2.9.0

  • latest non vulnerable version

    2.9.0

  • first published

    3 years ago

  • latest version published

    1 months ago

  • licenses detected

  • View guarddog package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the guarddog package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Directory Traversal

    guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages

    Affected versions of this package are vulnerable to Directory Traversal via the safe_extract function. An attacker can overwrite arbitrary files and potentially execute code by crafting a malicious archive with path traversal filenames that are extracted outside the intended directory.

    How to fix Directory Traversal?

    Upgrade guarddog to version 2.7.1 or higher.

    [,2.7.1)
    • H
    Improper Handling of Highly Compressed Data (Data Amplification)

    guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the safe_extract function. An attacker can exhaust disk space and disrupt services by submitting a specially crafted ZIP archive with highly compressed data, leading to resource exhaustion during extraction.

    How to fix Improper Handling of Highly Compressed Data (Data Amplification)?

    Upgrade guarddog to version 2.7.1 or higher.

    [,2.7.1)
    Go back to all versions of this package