High severity (CVSS 8.6) · OSV Advisory · Published Dec 10, 2024 · Updated Apr 29, 2026
CVE-2024-21542
Description
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
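A defensive illustration of the destination-path check the description refers to, added here as an example (it is not luigi's own `_extract_packages_archive` code and not the project's fix): each archive member is resolved against the destination directory and rejected if it would land outside it. `safe_extract`, `build_archive`, `demo` and the sample archives are constructed for this example.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


class ZipSlipError(ValueError):
    """Raised when an archive member would be written outside the destination."""


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list:
    """Extract a zip, refusing any member whose resolved path escapes dest_dir."""
    dest = Path(dest_dir).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            # Resolve the member against dest; '../' and absolute names both
            # produce a target that dest is not an ancestor of.
            target = (dest / info.filename).resolve()
            if target != dest and dest not in target.parents:
                raise ZipSlipError(f"member {info.filename!r} escapes {dest}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest).as_posix())
    return written


def build_archive(members: dict) -> bytes:
    """Constructed sample archive {name: content}; zipfile keeps names verbatim,
    so a '../' entry survives exactly as it would in a crafted upload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> tuple:
    """Return (files written from a benign archive, traversal entry rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = safe_extract(build_archive({"pkg/mod.py": "x = 1\n"}), tmp)
        try:
            safe_extract(build_archive({"../escaped.py": "x = 2\n"}), tmp)
            rejected = False
        except ZipSlipError:
            rejected = True
        leaked = os.path.exists(os.path.join(os.path.dirname(tmp), "escaped.py"))
    return benign, rejected and not leaked
```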
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| luigi (PyPI) | < 3.6.0 | 3.6.0 |
References
- github.com/advisories/GHSA-8qch-vj6m-2694 (via GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-21542 (via GHSA, advisory)
- github.com/pypa/advisory-database/tree/main/vulns/luigi/PYSEC-2024-159.yaml (via GHSA, web)
- github.com/spotify/luigi/commit/b5d1b965ead7d9f777a3216369b5baf23ec08999 (via NVD, web)
- github.com/spotify/luigi/issues/3301 (via NVD, web)
- github.com/spotify/luigi/releases/tag/v3.6.0 (via NVD, web)
- security.snyk.io/vuln/SNYK-PYTHON-LUIGI-7830489 (via NVD, web)