pip's fallback tar extraction doesn't check symbolic links point to extraction directory
In the fallback extraction path for source distributions, pip used Python’s tarfile module without verifying that symbolic/hard link targets resolve inside the intended extraction directory. A malicious sdist can include links that escape the target directory and overwrite arbitrary files on the invoking host during pip install.