105 matches found
EUVD-2026-42769
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
CVE-2026-39245
CVE-2026-39245 affects the decompress package (before 4.2.2). The vulnerability arises from an improper path containment check during extraction: safeMakeDir (index.js:29) and extraction path validation (index.js:106) rely on realDestinationDir.indexOf(realOutputPath) !== 0. This boundary check f...
CVE-2026-14967
BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...
CVE-2026-14967
BBOT’s github_workflows module has a path-traversal vulnerability: the path-containment check fails to resolve ‘..’, allowing a crafted CODE_REPOSITORY URL to traverse out of the configured output directory. The write is bounded to two directory levels above the output location and the target is ...
EUVD-2026-42296
BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...
PT-2026-56053
Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...
EUVD-2026-40422
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...
CVE-2026-50003
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...
CVE-2026-50003
The CVE-2026-50003 issue affects the DCMTK toolkit. A malicious or compromised server can exploit the bit-preserving C-GET storage mode in the DCMTK client to write files outside the designated output directory, using both relative (../) paths and absolute paths. Multiple sources (RH CVE entry, E...
CVE-2026-50003 OFFIS DCMTK Toolkit Path Traversal
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...
CVE-2026-50003
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...
PT-2026-53992
Name of the Vulnerable Software and Affected Versions DCMTK affected versions not specified Description A compromised or malicious server can force a client to write files outside the designated output directory. This occurs when the client uses the bit-preserving C-GET storage mode, allowing the...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the xmlwf process when the -d parameter is used to specify an output directory. An attacker can cause unintended behavior or potentially execute arbitrary code by providing a specially crafted output...
ALPINE-CVE-2026-56409
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...
CVE-2026-56409
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...
CVE-2026-56409
CVE-2026-56409 affects xmlwf in libexpat prior to 2.8.2. An integer overflow occurs in the output filename when -d outputDir is used. The CVSS 3.1 vector (LOCAL, HIGH complexity, NO privileges, user interaction required) indicates a local impact with confidentiality/ integrity impact HIGH and ava...
EUVD-2026-38186
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...
PT-2026-51245
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf tool contains an integer overflow related to the output filename when the -d outputDir option is utilized. An integer overflow occurs when a mathematical operation results in a value that...
CVE-2026-45380
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...
EUVD-2026-36186
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...