Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/11 12:0 a.m.7 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2242)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...

9.4CVSS7.3AI score0.01184EPSS
Exploits14References5
RedHat Linux
RedHat Linux
added 2025/09/16 6:1 p.m.12 views

cpython: Cpython infinite loop when parsing a tarfile

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module...

7.5CVSS7.3AI score0.00611EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/08/26 2:15 a.m.5 views

cpython: Cpython infinite loop when parsing a tarfile

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module...

7.5CVSS7.3AI score0.00611EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/08/26 1:7 a.m.4 views

cpython: Cpython infinite loop when parsing a tarfile

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module...

7.5CVSS7.3AI score0.00611EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/07/08 11:17 a.m.4 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.2AI score0.00767EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2025/07/08 11:17 a.m.6 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2025/07/02 6:27 a.m.145 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2025/07/02 6:27 a.m.4 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.2AI score0.00767EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2025/07/01 10:5 p.m.7 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2025/07/01 9:13 p.m.5 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2025/07/01 8:6 p.m.14 views

cpython: Tarfile extracts filtered members when errorlevel=0

A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms...

7.5CVSS6.3AI score0.00474EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2025/07/01 8:6 p.m.9 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.2AI score0.00767EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2025/07/01 1:22 p.m.18 views

python: cpython: Arbitrary writes via tarfile realpath overflow

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

9.4CVSS6.7AI score0.01184EPSS
Exploits11References10
RedHat Linux
RedHat Linux
added 2023/11/14 4:4 p.m.7 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

9.8CVSS6.7AI score0.27095EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2023/11/14 3:32 p.m.6 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

9.8CVSS6.7AI score0.27095EPSS
Exploits3References4
Rows per page
Query Builder