Critical Rust Library Flaw Impacts Python Package Manager Security
Security researchers have uncovered a significant vulnerability in a widely used Rust library that affects Python's uv package manager. The flaw lets attackers hide malicious files in tar archives, posing a supply chain threat.
Vulnerability Discovery and Mechanism
Security analysts at security firm Edera have identified a critical vulnerability in the popular async-tar Rust crate that impacts the uv Python package manager, according to their published findings. The vulnerability involves improper handling of tar archive headers, which could allow an attacker to conceal additional files within an archive.
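As an added illustration of the kind of header checking that guards against this class of problem (this is not code from async-tar, uv, or Edera, and since the page does not describe the exact flaw it does not reproduce it): a deliberately strict walker over a ustar tar stream in Rust that verifies each header's checksum, rejects malformed size fields, accounts for every block, and refuses any non-zero data after the end-of-archive marker. The archive it parses is constructed inline; the entry name `pkg/setup.py` and all byte values are made-up sample data.

```rust
// Added example: a strict reader for 512-byte ustar headers. Not the code of
// async-tar, uv, or Edera; the flaw itself is not described here. The point is
// that a reader should verify, not trust, what a header claims.

const BLOCK: usize = 512;

#[derive(Debug, PartialEq)]
pub struct Entry {
    pub name: String,
    pub size: u64,
    pub typeflag: u8,
}

#[derive(Debug, PartialEq)]
pub enum TarError {
    BadChecksum { offset: usize },
    BadSize { offset: usize },
    Truncated { offset: usize },
    TrailingData { offset: usize },
}

/// Parse an ASCII octal field terminated by NUL or space. Anything else is
/// rejected: lenient parsers that "fix up" garbage are how headers get misread.
fn parse_octal(field: &[u8]) -> Option<u64> {
    let mut val: u64 = 0;
    let mut seen = false;
    for &b in field {
        match b {
            b'0'..=b'7' => {
                val = val.checked_mul(8)?.checked_add(u64::from(b - b'0'))?;
                seen = true;
            }
            b' ' if !seen => continue, // leading blanks are permitted
            0 | b' ' if seen => break, // terminator after digits
            _ => return None,
        }
    }
    if seen { Some(val) } else { None }
}

/// Header checksum: sum of all 512 bytes with the 8-byte chksum field (offset
/// 148..156) counted as ASCII spaces.
fn header_checksum(hdr: &[u8]) -> u32 {
    hdr.iter()
        .enumerate()
        .map(|(i, &b)| if (148..156).contains(&i) { 0x20 } else { u32::from(b) })
        .sum()
}

/// Walk the archive header by header. Every byte must belong to a header, to
/// the padded data of an entry, or to zero padding after the end marker.
pub fn walk(archive: &[u8]) -> Result<Vec<Entry>, TarError> {
    let mut entries = Vec::new();
    let mut off = 0usize;
    while off + BLOCK <= archive.len() {
        let hdr = &archive[off..off + BLOCK];
        if hdr.iter().all(|&b| b == 0) {
            // End-of-archive marker: anything non-zero after it is smuggled data.
            if archive[off..].iter().any(|&b| b != 0) {
                return Err(TarError::TrailingData { offset: off });
            }
            return Ok(entries);
        }
        let stored = parse_octal(&hdr[148..156]).ok_or(TarError::BadChecksum { offset: off })?;
        if stored != u64::from(header_checksum(hdr)) {
            return Err(TarError::BadChecksum { offset: off });
        }
        let size = parse_octal(&hdr[124..136]).ok_or(TarError::BadSize { offset: off })?;
        let name_end = hdr[..100].iter().position(|&b| b == 0).unwrap_or(100);
        let name = String::from_utf8_lossy(&hdr[..name_end]).into_owned();
        entries.push(Entry { name, size, typeflag: hdr[156] });
        // Data is padded to a whole number of blocks; use checked math throughout.
        let padded = size
            .checked_add(BLOCK as u64 - 1)
            .map(|s| s / BLOCK as u64 * BLOCK as u64)
            .ok_or(TarError::BadSize { offset: off })?;
        let next = (off as u64 + BLOCK as u64)
            .checked_add(padded)
            .ok_or(TarError::BadSize { offset: off })?;
        if next > archive.len() as u64 {
            return Err(TarError::Truncated { offset: off });
        }
        off = next as usize;
    }
    if off != archive.len() {
        return Err(TarError::Truncated { offset: off }); // dangling partial block
    }
    Ok(entries)
}

/// Test scaffolding only: build a ustar header for a regular file.
pub fn make_header(name: &str, size: u64) -> [u8; BLOCK] {
    assert!(name.len() < 100);
    let mut h = [0u8; BLOCK];
    h[..name.len()].copy_from_slice(name.as_bytes());
    h[100..107].copy_from_slice(b"0000644");
    h[108..115].copy_from_slice(b"0000000");
    h[116..123].copy_from_slice(b"0000000");
    h[124..135].copy_from_slice(format!("{:011o}", size).as_bytes());
    h[136..147].copy_from_slice(b"00000000000");
    h[156] = b'0';
    h[257..263].copy_from_slice(b"ustar\0");
    h[263..265].copy_from_slice(b"00");
    let sum = header_checksum(&h);
    h[148..155].copy_from_slice(format!("{:06o}\0", sum).as_bytes());
    h[155] = b' ';
    h
}

/// Constructed sample: one 15-byte file followed by two zero end blocks.
pub fn sample_archive() -> Vec<u8> {
    let body = b"print('hello')\n";
    let mut a = make_header("pkg/setup.py", body.len() as u64).to_vec();
    a.extend_from_slice(body);
    a.resize(2 * BLOCK, 0); // pad data to a block boundary
    a.resize(4 * BLOCK, 0); // end-of-archive marker
    a
}

fn main() {
    match walk(&sample_archive()) {
        Ok(entries) => println!("{} entries: {:?}", entries.len(), entries),
        Err(e) => println!("rejected: {:?}", e),
    }
}
```

The `TrailingData` branch is the check most readers skip: a permissive reader stops at the first zero block and never notices bytes appended afterwards, while a different tool may keep reading, so two consumers of the same file can disagree about its contents.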