5 matches found
CVE-2026-45405 Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...
PT-2026-43163
Name of the Vulnerable Software and Affected Versions Archive::Tar versions prior to 3.08 Description Archive::Tar for Perl allows the extraction of hardlinks to attacker-controlled paths outside the intended extraction directory. The function make special file passes the tar header's linkname to...
CVE-2023-4760 Remote Code Execution in Eclipse RAP on Windows
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileNameString name method. As soon as this...
MindsDB path traversal vulnerability (CNVD-2023-32764)
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A path traversal vulnerability exists in MindsDB version v23.1.5.0 and prior versions, which stems from performing an insecure extraction from a remotely retrieved tarball using tarfile.extractall, resulting in writing t...
MindsDB 路径遍历漏洞
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A path traversal vulnerability exists in MindsDB version v23.1.5.0 and prior versions, which stems from performing an insecure extraction from a remotely retrieved tarball using tarfile.extractall, resulting in writing t...