Python · Tarfile.Tarfile · CVE-2022-23531
**Name of the Vulnerable Software and Affected Versions**
GuardDog versions prior to 0.1.5
**Description**
The issue allows an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned. This vulnerability exists by design in the `tarfile.TarFile.extractall` function. Running GuardDog against a specially-crafted package can exploit this vulnerability.
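
Code that unpacks untrusted archives can guard against this by validating every member before calling `extractall`. The following is an added example, not GuardDog's fix or code from this advisory; `safe_extract`, `unsafe_members` and `UnsafeArchiveError` are hypothetical names chosen for illustration.

```python
import io
import os
import tarfile


class UnsafeArchiveError(Exception):
    """Raised when a tar member would land outside the extraction directory."""


def _is_within(base: str, target: str) -> bool:
    # Compare fully resolved paths so "..", absolute names and symlinked
    # parents cannot move the target outside base.
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Return names of members that must not be extracted into dest."""
    bad = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if not _is_within(dest, target):
            bad.append(m.name)
        elif m.issym() or m.islnk():
            # Symlink targets are relative to the link's directory;
            # hard-link targets are relative to the archive root.
            link_base = os.path.dirname(target) if m.issym() else dest
            if not _is_within(dest, os.path.join(link_base, m.linkname)):
                bad.append(m.name)
        elif not (m.isfile() or m.isdir()):
            bad.append(m.name)  # devices, FIFOs: not needed for a source package
    return bad


def safe_extract(fileobj, dest: str) -> None:
    """Extract a .tar.gz only if every member stays inside dest."""
    os.makedirs(dest, exist_ok=True)
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        bad = unsafe_members(tar, dest)
        if bad:
            raise UnsafeArchiveError(f"refusing to extract: {bad}")
        tar.extractall(dest)
```

On Python 3.12 and later, `extractall(dest, filter="data")` applies comparable checks in the standard library.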
**Recommendations**
Upgrade to GuardDog version 0.1.5 or later.