From 099201cc924377863658b6acf6ce576c8a960391 Mon Sep 17 00:00:00 2001
From: Rip&Tear <84775494+theCyberTech@users.noreply.github.com>
Date: Fri, 19 Jun 2026 13:20:30 +0800
Subject: [PATCH] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 lib/crewai/src/crewai/experimental/skills/cache.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/crewai/src/crewai/experimental/skills/cache.py b/lib/crewai/src/crewai/experimental/skills/cache.py
index 3aa27a25b..780f7371b 100644
--- a/lib/crewai/src/crewai/experimental/skills/cache.py
+++ b/lib/crewai/src/crewai/experimental/skills/cache.py
@@ -143,6 +143,8 @@ def _safe_extractall(tf: tarfile.TarFile, dest: Path) -> None:
 member_path = (dest / member.name).resolve()
 if not member_path.is_relative_to(dest_resolved):
 raise ValueError(f"Blocked path traversal attempt: {member.name!r}")
+ if member.ischr() or member.isblk() or member.isfifo():
+ raise ValueError(f"Blocked special file type in archive: {member.name!r}")
 if member.issym() or member.islnk():
 link_target = member.linkname
 # Absolute link targets always escape the destination.
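Review bot: The added guard `if member.ischr() or member.isblk() or member.isfifo():` is a deny-list, so any member type it does not name, including type codes that `tarfile` does not recognise, still falls through to the link check and on to extraction. An allow-list is the sturdier shape for archive input: `if not (member.isreg() or member.isdir() or member.issym() or member.islnk()):` followed by the same `raise ValueError(f"Blocked special file type in archive: {member.name!r}")` rejects everything that is not a file, directory or link. If the deny-list is kept, `member.isdev()` already covers exactly these three types and reads shorter. The body of `_safe_extractall` starts and ends outside this hunk, so it is not visible whether the eventual extraction call also passes a tarfile extraction filter such as `filter="data"`; if it does not, adding one on interpreters that support it would give a second layer behind these manual checks. A short comment above the check, e.g. `# Device nodes and FIFOs are never expected in this archive; refuse them before extraction.`, would record why the types are refused.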