Safety vulnerability ID: 75936
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Volttron-core fixes CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Latest version: 10.0.5rc6
VOLTTRON™ is an open source platform for distributed sensing and control. The platform provides services for collecting and storing data from buildings and devices and provides an environment for developing applications which interact with that data.
What's Changed
* Add dispatch workflow for downstream testing by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/4
* fix for pip install of existing package by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/6
* Using importlib.metadata instead of external package importlib_metadata by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/10
* Re-organized core repository by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/15
* Add build wheel step in run-downstream-tests workflow by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/16
* Add infrastructure to bump versions of artifacts by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/22
* Fixes 30 vctl status fails when installed by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/31
* Update pre commit hooks by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/29
* Update workflow for downstream testing by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/32
* 36 move to src by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/39
* Reorganize imports without breaking things by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/40
* Add math_utils.py by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/42
* Updates and bug fixes by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/43
* Develop to main by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/41
* Update base dependencies on schedule by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/46
* Transition develop into main by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/47
* Renamed to update-project-dependencies.yml by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/48
* Update imports by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/49
* Tag version fixes by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/50
* Develop by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/51
* Added poetry.lock to github ignore list by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/52
* Clarify contributor contribution. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/54
* Develop to Main Release by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/55
* Update README.md by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/56
* Remove poetry.lock file by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/57
* Fix codacy issues and remove poetry.lock file. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/58
* Add dynamic helper by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/61
* Handle change in format of poetry version --short by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/66
* Update deploy-pre-release.yml by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/67
* Pyproject documentation update by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/68
* Add description to pyproject.yml file. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/70
* fix trove classifier by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/71
* Develop to main merge by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/72
* add auto assign to project when new issue created by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/64
* Auto assign needs to be at the default branch. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/73
* Add service loader by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/77
* Updated README.md by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/78
* Use default action to add to backlog. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/80
* Merge to main for action work by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/81
* Add issue templates for features and issues by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/83
* Add issue templates by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/84
* Fix develop-> main by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/85
* Corrected format string in context.py.get_fq_identity(). by davidraker in https://github.com/eclipse-volttron/volttron-core/pull/87
* Integrates service loader into modular framework. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/93
* 94 fix permissions shutdown by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/95
* Fix 96 by moving tests under src directory. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/97
* Handle greenlet stopping in a better manner. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/99
* Move tests back to sibling of src. by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/101
* Fixed reference to fq_identity by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/106
* Add developing on modular readme by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/110
* Add poetry documentation to Developing Readme by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/111
* Certs and context by davidraker in https://github.com/eclipse-volttron/volttron-core/pull/112
* Fix get_instance_name context by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/114
* Fix vctl install by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/117
* Fix logic on parsing for wheel by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/118
* Fixed auth errors by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/120
* Update copyright for repository by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/122
* Sync develop from main by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/124
* Sync develop from main by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/125
* CVE-2007-4559 Patch by TrellixVulnTeam in https://github.com/eclipse-volttron/volttron-core/pull/105
* Fixes for vctl install related to vip-id, local directory install, repeated download from pypi by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/135
* support for vctl Install of pre-release version. Issue 138 by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/140
* Vctl install fix 147 133 by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/152
* Fix for issue 150. Port vctl --all-tagged from monolithic code by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/153
* Fixes vctl list, vctl enable, vctl disable by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/159
* Add poetry dependency by bonicim in https://github.com/eclipse-volttron/volttron-core/pull/157
* Set cwd for volttron and agents by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/169
* Remove spurious logging from auth_service.py by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/170
* Python 11 update by davidraker in https://github.com/eclipse-volttron/volttron-core/pull/171
* Update links in CONTRIBUTING.md by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/172
* Main to Develop by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/173
* Subscribe by tags - issue 143 by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/179
* Fixed uncaught exception when host is unreachable. by davidraker in https://github.com/eclipse-volttron/volttron-core/pull/181
* Config store security update by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/185
* SBOM by kefeimo in https://github.com/eclipse-volttron/volttron-core/pull/192
* Merged changes from different prs into 1 by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/200
* fix for volttron non dev mode + poetry env by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/201
* Enforce rpc caps by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/202
* regular expression handling, rpc.export alias handling by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/203
* clean up and more authz updates to work better with vctl by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/204
* PatternMatchingEventHandler now need pattern as kwargs instead of args by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/208
* changes to authz data classes for json serialization by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/209
* Authz is topic protected by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/207
* V10 by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/211
* added `vctl authz` interface by kefeimo in https://github.com/eclipse-volttron/volttron-core/pull/210
* vctl authz command pattern and help text cleanup by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/213
* Fix issue with shutting down the platform both with and without agent… by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/214
* Feature/create credentials by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/216
* fixed poetry env setup when installing from pypi/test-pypi by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/217
* Install fix & minor type hint fix by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/220
* Update backward_incompatible_features.md by riley206 in https://github.com/eclipse-volttron/volttron-core/pull/224
* Update README.md by riley206 in https://github.com/eclipse-volttron/volttron-core/pull/223
* Updated deprecated use of library. by davidraker in https://github.com/eclipse-volttron/volttron-core/pull/227
* Fixed 229 by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/230
* Fix bug missing VOLTTRON_HOME in the environment by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/233
* Feature/v11 test updates by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/234
* Bug/229 logging issue by craig8 in https://github.com/eclipse-volttron/volttron-core/pull/235
* v10 to develop by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/240
* Added keyword to account for changes in watchdog API. by davidraker in https://github.com/eclipse-volttron/volttron-core/pull/237
* fix for 225 and 238 by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/241
* making deploy pre-release use latest github tooling workflow by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/245
* Update README.md by schandrika in https://github.com/eclipse-volttron/volttron-core/pull/246
New Contributors
* schandrika made their first contribution in https://github.com/eclipse-volttron/volttron-core/pull/6
* davidraker made their first contribution in https://github.com/eclipse-volttron/volttron-core/pull/87
* TrellixVulnTeam made their first contribution in https://github.com/eclipse-volttron/volttron-core/pull/105
* kefeimo made their first contribution in https://github.com/eclipse-volttron/volttron-core/pull/192
* riley206 made their first contribution in https://github.com/eclipse-volttron/volttron-core/pull/224
**Full Changelog**: https://github.com/eclipse-volttron/volttron-core/commits/v2.0.0rc5