3 matches found
CVE-2026-41140
CVE-2026-41140 affects Poetry (Python dependency manager). The vulnerability is in extractall(), src/poetry/utils/helpers.py:410-426, which allowed tarball extraction without path traversal protection on Python versions where tarfile.data_filter is unavailable. Affected supported Poetry/Python ra...
Directory Traversal
Overview poetry is a Python dependency management and packaging made easy. Affected versions of this package are vulnerable to Directory Traversal via the extractall function in src/poetry/utils/helpers.py that extracts sdist tarballs without path traversal protection on Python versions where...
Python 代码问题漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python versions 3.11 through 3.11.4, which stems from the presence of unexpecte...