PyPi: Luigi

CVE-2024-21542

Safety vulnerability ID: 76386

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 10, 2024 Updated at Mar 29, 2025

Advisory

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the `_extract_packages_archive` function.
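The destination check this bug class calls for, as an added example that is not luigi's code or its 3.6.0 fix. It assumes a tar archive read with the standard `tarfile` module; `safe_extract`, `build_tar` and `UnsafeArchiveError` are hypothetical names, and the archive contents are constructed samples.

```python
import io
import os
import tarfile


class UnsafeArchiveError(Exception):
    """Raised when a member would be written outside the destination."""


def safe_extract(archive: tarfile.TarFile, dest: str) -> list[str]:
    """Validate every member first, then write; nothing lands on disk on rejection."""
    root = os.path.realpath(dest)
    members = archive.getmembers()
    for m in members:
        # Links and device nodes can redirect later writes, so refuse them.
        if not (m.isfile() or m.isdir()):
            raise UnsafeArchiveError(f"unsupported member type: {m.name!r}")
        # An absolute member name replaces root in join() and fails the check below.
        target = os.path.realpath(os.path.join(root, m.name))
        # commonpath avoids the "/tmp/out" vs "/tmp/out-evil" string-prefix mistake.
        if os.path.commonpath([root, target]) != root:
            raise UnsafeArchiveError(f"path escapes destination: {m.name!r}")
    for m in members:
        target = os.path.join(root, m.name)
        if m.isdir():
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with archive.extractfile(m) as src, open(target, "wb") as out:
            out.write(src.read())
    return [m.name for m in members]


def build_tar(names: list[str]) -> tarfile.TarFile:
    """Build a constructed in-memory tar holding one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

Validating the whole member list before the first write means a rejected archive leaves the destination untouched.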

Affected package

luigi

Latest version: 3.6.0

Workflow mgmt + task scheduling + dependency resolution.

Affected versions

Fixed versions
