author | Chris Jerdonek <chris.jerdonek@gmail.com> | 2019-06-11 01:11:42 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-11 01:11:42 -0700 |
commit | 5776ddd05896162e283737d7fcdf8f5a63a97bbc (patch) | |
tree | 31489e9937b6a68ac8d94caee665b3b1685c4efe /news | |
parent | 148519396d2c66fd653805546f6356525bfa6eae (diff) | |
parent | a4c735b14a62f9cb864533808ac63936704f2ace (diff) | |
download | pip-5776ddd05896162e283737d7fcdf8f5a63a97bbc.tar.gz |
Merge pull request #6418 from gzpan123/master
FIX #6413 pip install <url> allow directory traversal
Diffstat (limited to 'news')
-rw-r--r-- | news/6413.bugfix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/news/6413.bugfix b/news/6413.bugfix new file mode 100644 index 000000000..68d0a72f6 --- /dev/null +++ b/news/6413.bugfix @@ -0,0 +1,3 @@ +Prevent ``pip install <url>`` from permitting directory traversal if e.g. +a malicious server sends a ``Content-Disposition`` header with a filename +containing ``../`` or ``..\\``. |
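Review bot: the inline literal ``..\\`` on the last added line of news/6413.bugfix will render with two backslashes, because reStructuredText does not treat a backslash as an escape character inside a double-backtick literal. If the Windows-style traversal sequence with a single backslash is what is meant, write ``..\`` instead. On the first added line, "if e.g." reads awkwardly in a changelog entry; "when, for example," would be clearer. The entry could also say what pip now does with such a filename, so that users reading the changelog know what behaviour to expect.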