5 matches found
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview ChatterBot is a ChatterBot is a machine learning, conversational dialog engine Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the extract function. An attacker can cause arbitrary files to be written to a directory of their choice ...
Directory Traversal
Overview @appium/support is a Support libs used across Appium packages Affected versions of this package are vulnerable to Directory Traversal in the extractAllTo function. An attacker can write arbitrary files outside the intended extraction directory by supplying a crafted ZIP archive containin...
Directory Traversal
Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archiv...
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
Summary A Path Traversal Zip Slip vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar download functions in the same codebase properly use the existing safeextractmember function. This appears t...
CVE-2025-54384 CKAN stored XSS vulnerability in Markdown description fields
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdownextract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...