CVE-2025-4138

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

SUSE CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

DEBIAN-CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

DEBIAN-CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

AZL-62313 CVE-2025-4330 affecting package python3 for versions less than 3.9.19-14

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the tarfile extraction process when using the filter parameter set to "data" or "tar". An attacker can modify file metadata, such as timestamps or permissions, of files located outside the intended extraction...

CVE-2025-4138

CVE-2025-4138 affects Python’s tarfile module when using TarFile.extractall() or TarFile.extract() with filter='data' or 'tar'. The extraction filter can be bypassed, allowing symlink targets to point outside the destination directory and enabling modification of some file metadata. This issue is...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the tarfile module's extraction process when using the extractall or extract functions with the filter parameter set to "data" or "tar". An attacker can cause files or symlinks to be created outside the intended...

CVE-2025-4330

CVE-2025-4330 affects Python tarfile extraction: when using TarFile.extractall() or TarFile.extract() with filter=“data” or “tar”, the extraction filter can be bypassed, allowing symlink targets and some file metadata to be manipulated outside the destination directory. Affected Python versions a...

CVE-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

PT-2025-23611

Name of the Vulnerable Software and Affected Versions Python versions 3.12 and later Description The issue allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data" when using the tarfile module to extract untrusted tar archives. This affects users o...

OPENSUSE-SU-2025:15192-1 python39-3.9.22-3.1 on GA media

These are all security issues fixed in the python39-3.9.22-3.1 package on the GA media of openSUSE Tumbleweed...

Fedora: Security Advisory (FEDORA-2025-e4c104502d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

python3.12-semantic_version bug fix and enhancement update

An update is available for python3.12-semanticversion. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see t...

python3.12-Cython bug fix and enhancement update

An update is available for python3.12-Cython. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Slackware Linux 15.0 python3 Vulnerability (SSA:2025-099-01)

The version of python3 installed on the remote host is prior to 3.9.22. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-099-01 advisory. New python3 packages are available for Slackware 15.0 to fix security issues. Tenable has extracted the preceding description block...

RHSA-2025:3631 Red Hat Security Advisory: python3.12 security update

Bulletin has no description...