Listen to this Post
The vulnerability, known as a Zip Slip attack, exists in the `jaraco.context.tarball()` function from version 5.2.0 up to, but not including, 6.1.0. The core issue lies in the `strip_first_component` filter, which is intended to remove the top-level directory from a tarball’s paths (e.g., converting `dummy_dir/file.txt` to file.txt). It does this by splitting the path at the first `/` and using the second part. However, the function fails to sanitize or resolve `../` path traversal sequences. This means a maliciously crafted path like `dummy_dir/../../etc/passwd` is transformed by the filter into ../../etc/passwd. When the extraction routine processes this new path, the `../` sequences cause the file to be written outside the target directory, potentially overwriting sensitive system files. The vulnerability is exacerbated by the fact it also applies to nested tarballs; an inner archive containing paths like `dummy_dir/../../config/.env` will also have its paths mishandled, leading to the same traversal issue. The vulnerability is present because the custom filter overwrites any native path sanitization that newer versions of Python (3.12+) might provide, creating a false sense of security. The attack requires no privileges or user interaction beyond the processing of a malicious archive .
dailycve form:
Platform: jaraco.context
Version: 5.2.0 to <6.1.0
Vulnerability : Zip Slip
Severity: High (8.6)
date: 2026-01-19
Prediction: include expected Patch date. Patched in 6.1.0
What Undercode Say:
Analytics:
The vulnerability is a classic path traversal (CWE-22) with a CVSS:3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). The attack vector is network-based, requires low complexity, and needs no privileges or user interaction, indicating it is easily exploitable. The scope is changed, meaning the vulnerable component impacts resources beyond its execution environment, and it has a high impact on confidentiality, allowing unauthorized file system read access .
Exploit:
A proof-of-concept involves creating a malicious tar archive. The key is to embed paths that use directory traversal sequences after a single top-level directory.
Create a malicious file structure (simulating an archive contents)
This path, when processed, becomes ../../etc/passwd
echo "malicious content" > dummy_dir/../../etc/passwd
Create the tar archive containing the malicious path
Note: The actual file creation for 'dummy_dir/../../etc/passwd' might fail on a secured system,
but the entry within the tar file can be crafted using tools like 'pax' or hex editors.
tar -cf malicious.tar dummy_dir/../../etc/passwd
Vulnerable code (Python) that would process this:
from jaraco.context import tarball
with tarball('malicious.tar', extract_dir='/safe/path') as extract_path:
pass The file would be extracted to /etc/passwd instead of /safe/path/etc/passwd
A more sophisticated attack uses a nested tarball to bypass superficial checks.
Create a dummy inner archive with traversal echo "SECRET_KEY=dummy" > dummy_dir/../../config/.env tar -czf inner.tar.gz dummy_dir/../../config/.env Create the outer archive containing the malicious inner archive tar -cf nested_malicious.tar dummy_dir/inner.tar.gz When extracted by the vulnerable function, inner.tar.gz is extracted, and its contents (config/.env) are written outside the target directory.
Note: These commands are for educational purposes only. Always test in an isolated environment .
Protection from this CVE:
Immediate protection is achieved by upgrading the `jaraco.context` package to version 6.1.0 or later, which contains the patch for this issue .
Upgrade using pip pip install --upgrade jaraco.context For systems using setuptools (which bundles jaraco.context), ensure the distribution is updated. On Debian/Ubuntu systems, specific updates have been released. sudo apt update sudo apt upgrade python3-jaraco.context or python-jaraco.context On SUSE Linux Enterprise Server, apply the recommended patches. sudo zypper patch SUSE-SLES-16.0-185=1 Example for SLES 16.0
As a temporary workaround, avoid using the `jaraco.context.tarball()` function on untrusted tar archives. For Python 3.12+, one might rely on the standard library’s `tarfile` module directly, ensuring that the `filter` argument is set to a safe value like `’data’` or fully_trusted, though the `’data’` filter is recommended for security .
Impact:
Successful exploitation allows an attacker to perform arbitrary file write (overwrite) or read (if the application later reads the extracted file) outside the intended extraction directory. This can lead to remote code execution by overwriting critical system files, configuration files, or application scripts. The primary impact is on confidentiality (High), as it enables reading of sensitive system data . The integrity and availability impacts are officially scored as None by the CNA, though the ability to overwrite files certainly implies a potential for integrity and availability impact depending on the target file .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

