Lucene search
K

4 matches found

OSV
OSV
added 2026/06/29 11:10 a.m.5 views

BIT-LIBPYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/08 1:38 p.m.9 views

CVE-2026-44340 PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...

8.7CVSS5.9AI score0.00433EPSS
Exploits1References1
OSV
OSV
added 2022/07/15 8:44 p.m.4 views

GHSA-C28R-HW5M-5GV3 Partial Path Traversal in com.amazonaws:aws-java-sdk-s3

Overview A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1. Applications using the SDK control the destinationDirectory argument, but S3 object keys are determined by the application that uploaded the...

7.9CVSS6.7AI score0.01193EPSS
Exploits1References4
OSV
OSV
added 2020/02/03 4:15 p.m.2 views

UBUNTU-CVE-2019-11251

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

5.7CVSS6.7AI score0.0262EPSS
Exploits0References2
Rows per page
Query Builder