CVE-2024-12718

🗓️ 03 Jun 2025 12:59:10Reported by PSFType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 353 Views

CVE-2024-12718 allows file metadata modification in untrusted tar extraction on Python 3.12 or later.

Reporter	Title	Published	Views	Family All 307
IBM Security Bulletins	Security Bulletin: AIX/VIOS is affected by arbitrary code execution (CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517) due to Python	20 Aug 202515:03	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to libxml2, python3, pam and glibc packages shipped with IBM CICS TX Advanced.	12 Aug 202511:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	21 Oct 202514:44	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to libxml2, python3, pam and glibc packages shipped with IBM CICS TX Standard.	12 Aug 202511:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities discovered in RedHat UBI as shipped with IBM Security Verify Directory Server Container	8 Aug 202517:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	31 Jul 202514:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2024-12718]	17 Dec 202514:08	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to libxml2, python3 and pam packages shipped with TXSeries for Multiplatforms.	12 Aug 202511:41	–	ibm
GithubExploit	Exploit for CVE-2025-4138	15 Feb 202608:28	–	githubexploit
Tenable Nessus	Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1044)	23 Jun 202500:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "CPython",
    "repo": "https://github.com/python/cpython",
    "vendor": "Python Software Foundation",
    "versions": [
      {
        "version": "0",
        "lessThan": "3.10.18",
        "status": "affected",
        "versionType": "python"
      },
      {
        "version": "3.11.0",
        "lessThan": "3.11.13",
        "status": "affected",
        "versionType": "python"
      },
      {
        "version": "3.12.0",
        "lessThan": "3.12.11",
        "status": "affected",
        "versionType": "python"
      },
      {
        "version": "3.13.0",
        "lessThan": "3.13.4",
        "status": "affected",
        "versionType": "python"
      },
      {
        "version": "3.14.0a1",
        "lessThan": "3.14.0b3",
        "status": "affected",
        "versionType": "python"
      }
    ]
  }
]

Source	Link
github	www.github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
github	www.github.com/python/cpython/issues/127987
github	www.github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
mail	www.mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
github	www.github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
github	www.github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
github	www.github.com/python/cpython/pull/135037
github	www.github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
github	www.github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
github	www.github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

21 Apr 2026 20:11Current

6Medium risk

Vulners AI Score6

CVSS 3.15.3

EPSS0.0079

SSVC

CWE-22