New submission from Jakub Wilk:

shutil.unpack_archive() uses tarfile.extractall() under the hood, so it's not suitable for unpacking untrusted archives. But this fact is not documented.

Please add a security warning to shutil.unpack_archive() documentation.

----------
assignee: docs@python
components: Documentation
messages: 212029
nosy: docs@python, jwilk
priority: normal
severity: normal
status: open
title: shutil.unpack_archive(): security concerns not documented

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue20749>
_______________________________________
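One way to vet a tar archive before it reaches extractall(), as an added example that is not part of the original report or of CPython. The helper names (unsafe_members, checked_unpack, build_sample, demo) are hypothetical, the sample archives are constructed, and the check goes beyond the report by also rejecting link and special-file members. It assumes a POSIX filesystem.

```python
# Added example: helper names are illustrative; sample archives are constructed.
import io
import os
import tarfile
import tempfile

def unsafe_members(tar, dest):
    """Return (name, reason) for every member that should not be extracted into dest."""
    root = os.path.realpath(dest)
    problems = []
    for m in tar.getmembers():
        # Absolute names and ".." components both resolve outside root here.
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.commonpath([root, target]) != root:
            problems.append((m.name, "path escapes destination"))
        elif m.issym() or m.islnk():
            problems.append((m.name, "link member"))
        elif not (m.isfile() or m.isdir()):
            problems.append((m.name, "special file"))
    return problems

def checked_unpack(archive_path, dest):
    """Extract a tar archive only if every member passes unsafe_members()."""
    with tarfile.open(archive_path) as tar:
        problems = unsafe_members(tar, dest)
        if problems:
            raise ValueError(f"refusing to extract: {problems}")
        tar.extractall(dest)  # same open handle that was just checked

def build_sample(path, names):
    """Write a constructed tar archive with one small regular file per name."""
    data = b"sample\n"
    with tarfile.open(path, "w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

def demo():
    """Run the check on a benign and a path-escaping constructed archive."""
    with tempfile.TemporaryDirectory() as work:
        dest = os.path.join(work, "out")
        os.mkdir(dest)
        good, bad = (os.path.join(work, n) for n in ("good.tar", "bad.tar"))
        build_sample(good, ["docs/readme.txt"])
        build_sample(bad, ["docs/readme.txt", "../outside.txt"])
        checked_unpack(good, dest)
        extracted = os.path.exists(os.path.join(dest, "docs", "readme.txt"))
        with tarfile.open(bad) as tar:
            return extracted, unsafe_members(tar, dest)
```

Python 3.12 and later also accept a `filter` argument on `tarfile.extractall()` and `shutil.unpack_archive()`; `filter="data"` applies comparable checks inside the standard library.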