CVE-2024-21542

Summary

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.

Affected Software

VendorProductVersion RangeStatus
n/aluigi0 < 3.6.0affected

Weaknesses

  • CWE-29: Arbitrary File Write via Archive Extraction (Zip Slip)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References