Ggautomaton

#16434 of 53,634
16.3 Total CVSS
Vulnerabilities · 2
High · 2
PT-2026-35528
7.5
2026-04-27
Python · Cpython · CVE-2026-3087
**Name of the Vulnerable Software and Affected Versions**
CPython (affected versions not specified)

**Description**
On Windows, the `shutil.unpack_archive()` function fails to properly check for absolute paths within ZIP archives. If an archive contains a path with a drive letter (e.g., `C:`), files may be extracted outside of the intended target directory.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-33988
8.8
2026-04-21
Python · Python · CVE-2026-3298
**Name of the Vulnerable Software and Affected Versions**
Python (affected versions not specified)

**Description**
The `sock_recvfrom_into()` method of `asyncio.ProactorEventLoop` on Windows lacks a boundary check for the data buffer when the `nbytes` parameter is used. This can lead to an out-of-bounds buffer write if the received data exceeds the buffer size.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.