pip Tar Extraction Symbolic Link Vulnerability

A vulnerability exists in pip's fallback method for extracting tar archives, specifically in Python versions that do not support PEP 706. When using this fallback, pip may fail to verify whether symbolic links lead into the extraction directory. This oversight could potentially be exploited by a source distribution (sdist) containing malicious symlinks. In contrast, pip operates securely in Python versions that implement PEP 706, as it bypasses the vulnerable fallback code. The issue arises from the tarfile module's handling of symlinks, which can be exploited if not properly checked.

Impact

Exploitation of this vulnerability could lead to improper handling of symbolic links during tar extraction, allowing for potential path traversal attacks by directing files outside the intended extraction directory.

Reproduction

To reproduce this vulnerability, use a version of Python that does not implement PEP 706 and a version of pip that relies on the vulnerable tar extraction fallback. Create a source distribution that includes a symbolic link pointing to a file in the parent directory, relative to the extraction path. When this sdist is installed, pip will extract the tar archive using the vulnerable fallback, failing to check the symlink's target. The extraction process will not raise an error, allowing the sdist to be installed while bypassing the intended safeguards.

Remediation

Upgrade to a version of pip that includes the fix for this vulnerability, such as the upcoming 25.3 release. Additionally, upgrade to a Python version that supports PEP 706, specifically Python 3.9.17, 3.10.12, 3.11.4, or 3.12. If an upgrade is not possible, inspect source distributions for malicious symlinks before installation.