
Limit files extracted by restoreCache to those in paths option.

Open sgpinkus opened this issue 1 year ago • 1 comments

Not filtering extracted archive files enables a widely scoped cache poisoning attack in which an attacker can clobber pretty much any file they want. This was exploited in https://github.com/ultralytics/ultralytics/issues/18027 for example.

sgpinkus Jan 08 '25 08:01
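The filtering requested above, sketched in Python as an added example (not code from this issue or from the toolkit itself): archive entries are written only when their resolved destination lies under one of the configured `paths`. The function names and the sample archive are hypothetical, and `paths` is assumed to be a list of plain directories relative to the restore root, with no globs.

```python
import io
import os
import tarfile

def is_within(root, candidate):
    """True when candidate is root itself or lies beneath it."""
    return os.path.commonpath([root, candidate]) == root

def plan_restore(tar, dest, paths):
    """Split members into (member, target) pairs to write and rejected names."""
    dest = os.path.realpath(dest)
    roots = [os.path.realpath(os.path.join(dest, p)) for p in paths]
    keep, rejected = [], []
    for m in tar.getmembers():
        # Resolve "..", absolute names and on-disk symlinks before comparing.
        target = os.path.realpath(os.path.join(dest, m.name))
        # Only regular files and directories; links and devices are refused here.
        if (m.isfile() or m.isdir()) and any(is_within(r, target) for r in roots):
            keep.append((m, target))
        else:
            rejected.append(m.name)
    return keep, rejected

def restore_filtered(archive_bytes, dest, paths):
    """Write only entries under `paths`; return (written names, rejected names)."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        keep, rejected = plan_restore(tar, dest, paths)
        for m, target in keep:
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(tar.extractfile(m).read())
    return [m.name for m, _ in keep], rejected

def constructed_archive():
    """Constructed sample: one entry under `paths`, three outside it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("cache/dep/a.txt", "setup.py", "../outside.txt", "cache/../ci.yml"):
            data = b"constructed"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Logging the rejected names on restore also gives a signal that a cache archive contained entries outside its declared paths.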

Why not merge this?

sgpinkus Mar 21 '25 00:03