Security Advisory
CVE-2024-21542
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.