Lucene search
+L

24 matches found

osv
osv
added 16 hours ago4 views

RLSA-2026:39868 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
osv
osv
added 6 days ago4 views

RLSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
rocky
rocky
added 6 days ago9 views

nodejs24 security, bug fix, and enhancement update

An update is available for nodejs24. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime for easily...

9.8CVSS6.1AI score0.02806EPSS
Exploits1
osv
osv
added 2026/07/08 12:6 p.m.4 views

RLSA-2026:35842 Important: nodejs22 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

8.1CVSS6.6AI score0.02806EPSS
Exploits1References14
osv
osv
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
osv
osv
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
redhatcve
redhatcve
added 2026/06/26 10:40 p.m.10 views

CVE-2026-48935

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system. Mitigation Mitigation for this issue is either not...

3.3CVSS5.6AI score0.00154EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/26 1:14 a.m.44 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS0.00154EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-54644

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00637EPSS
Exploits1References14
nessus
nessus
added 2025/08/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-12718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with filter=tar of files outside the extraction directory. You...

5.3CVSS7AI score0.00637EPSS
Exploits1References2
nessus
nessus
added 2025/07/19 12:0 a.m.7 views

CBL Mariner 2.0 Security Update: python3 (CVE-2025-4138)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4138 advisory. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...

7.5CVSS7.1AI score0.01149EPSS
Exploits7References2
f5
f5
added 2025/07/16 3:23 p.m.11 views

K000152599: Python tarfile vulnerability CVE-2024-12718

Security Advisory Description Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

5.3CVSS7.5AI score0.00637EPSS
Exploits1
osv
osv
added 2025/07/10 9:1 a.m.24 views

BIT-PYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS7AI score0.00637EPSS
Exploits1References14
redhat
redhat
added 2025/07/08 11:17 a.m.8 views

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

5.3CVSS7.1AI score0.00637EPSS
Exploits1References11
redhat
redhat
added 2025/07/02 6:27 a.m.4 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.2AI score0.00805EPSS
Exploits2References10
amazon
amazon
added 2025/06/23 12:0 a.m.14 views

Important: python3.9

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

9.4CVSS8.1AI score0.01227EPSS
Exploits14
redhatcve
redhatcve
added 2025/06/03 2:51 p.m.12 views

CVE-2024-12718

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters. Mitigation Mitigatio...

7.6CVSS6.6AI score0.00637EPSS
Exploits1References10
nvd
nvd
added 2025/06/03 1:15 p.m.11 views

CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS0.00637EPSS
Exploits1References13
cve
cve
added 2025/06/03 12:59 p.m.410 views

CVE-2024-12718

CVE-2024-12718: The tarfile extraction filter bypass allows modification of metadata or arbitrary file writes outside the extraction directory when using TarFile.extractall()/extract() with filter="data" or "tar" in Python 3.12+ (default filter may assign data in 3.14+). Affected components are P...

5.3CVSS6AI score0.00637EPSS
Exploits1References13
debiancve
debiancve
added 2025/06/03 12:59 p.m.8 views

CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS7.5AI score0.00637EPSS
Exploits1
Rows per page
Query Builder