Lucene search
K

10 matches found

SUSE CVE
SUSE CVE
added 2026/06/06 2:54 a.m.13 views

SUSE CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

7.5CVSS5.4AI score0.00606EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/04/17 12:0 a.m.91 views

📄 ddev ZipSlip Path Traversal

A ZipSlip path traversal vulnerability exists in the ddev/ddev project, affecting archive extraction routines. The issue allows a crafted ZIP archive to write files outside the intended extraction directory, potentially leading to arbitrary file overwrite on the host system...

6.5CVSS5.9AI score0.00418EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/02/24 9:46 p.m.6 views

CVE-2026-27117 bit7z has a path traversal vulnerability

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability "Zip Slip" exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive...

5.5CVSS5.8AI score0.00309EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/03 7:28 a.m.11 views

CVE-2025-0377

An archive extraction vulnerability was found in HashiCorp's go-slug library. When go-slug performs an extraction, the filename/extraction path is taken from the tar entry via the header.Name. It was discovered that the unpacking step improperly validated paths, potentially leading to path...

7.5CVSS6.8AI score0.00667EPSS
Exploits0References4
OSV
OSV
added 2025/02/03 5:15 a.m.1 views

UBUNTU-CVE-2024-57966

libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...

5CVSS5.8AI score0.00271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/11/14 4:4 p.m.8 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

9.8CVSS6.7AI score0.27095EPSS
Exploits3References4
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.31 views

Arbitrary File Write via Archive Extraction in mholt/archiver

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.9AI score0.0253EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/22 4:19 p.m.47 views

Maliciously Crafted Model Archive Can Lead To Arbitrary File Write

Impact An Archive Extraction Zip Slip vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file. Patches The vulnerability is fixed ...

7.3CVSS1.9AI score0.00734EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2020/09/01 5:39 a.m.2 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/u-root/u-root/pkg/cpio is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write vi...

7.5CVSS7.8AI score0.01527EPSS
Exploits1References2
Debian
Debian
added 2018/09/22 2:1 p.m.25 views

[SECURITY] [DSA 4300-1] libarchive-zip-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4300-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 22, 2018 https://www.debian.org/security/faq -...

6.4CVSS1.6AI score0.48716EPSS
Exploits0
Rows per page
Query Builder