The Python Package Index (PyPI) has announced new restrictions aimed at mitigating ZIP parser confusion attacks that could exploit discrepancies in how Python package installers and inspectors handle ZIP archives. This move comes in response to vulnerabilities identified in tools like the uv installer, which exhibits different extraction behaviors compared to Python-based installers relying on […] The post PyPI Issues Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/pypi-issues-advisory-to-prevent-zip-parser-confusion-attacks/
