
222 matches found

OSV
added 2025/06/03 1:15 p.m., 1 view

AZL-62318 CVE-2025-4517 affecting package python3 for versions less than 3.12.9-2

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

CVSS 9.4, AI score 7.2, EPSS 0.00403
Exploits 11, References 1
OSV
added 2025/06/03 12:59 p.m., 6 views

PSF-2025-5

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 5.3, AI score 8.1, EPSS 0.0079
Exploits 1, References 13
Vulnrichment
added 2025/06/03 12:59 p.m., 12 views

CVE-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 5.3, AI score 7.5, EPSS 0.0079
Exploits 1, References 13
Cvelist
added 2025/06/03 12:59 p.m., 15 views

CVE-2025-4138 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 7.5, EPSS 0.00273
Exploits 7, References 12
Snyk
added 2025/06/03 12:59 p.m., 6 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via TarFile.extractall and TarFile.extract functions in the tarfile module when using the filter parameter set to data or tar. An attacker can gain unauthorised access to files outside the intended extraction directo...

CVSS 9.3, AI score 7.2, EPSS 0.00273
Exploits 7, References 2
Vulnrichment
added 2025/06/03 12:59 p.m., 13 views

CVE-2025-4138 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 7.5, AI score 8.2, EPSS 0.00273
Exploits 7, References 12
Snyk
added 2025/06/03 12:58 p.m., 6 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the tarfile extraction process when using the filter parameter set to "data" or "tar". An attacker can write files outside the intended extraction directory by convincing a privileged user or process to extract a...

CVSS 9.4, AI score 7.5, EPSS 0.00403
Exploits 11, References 2
AlpineLinux
added 2025/06/03 12:58 p.m., 12 views

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

CVSS 9.4, AI score 7.7, EPSS 0.00403
Exploits 11
CVE
added 2025/06/03 12:58 p.m., 352 views

CVE-2025-4517

CVE-2025-4517 concerns the tarfile module: when extracting untrusted tar archives using TarFile.extractall() or TarFile.extract() with filter set to "data" (or "tar"), it allows arbitrary filesystem writes outside the extraction directory. The description and connected advisories confirm this is ...

CVSS 9.4, AI score 9.7, EPSS 0.00403
Exploits 11, References 12
Positive Technologies
added 2025/06/03 12:00 a.m., 5 views

PT-2025-23607

Name of the Vulnerable Software and Affected Versions: Python versions 3.12 and later. Description: This vulnerability allows modification of file metadata (e.g., last modified or file permissions) of files outside the intended extraction directory when using the tarfile module to extract untrusted ta...

CVSS 10, AI score 7.3, EPSS 0.01639
Exploits 14, References 238
Positive Technologies
added 2025/06/03 12:00 a.m., 6 views

PT-2025-23608

Name of the Vulnerable Software and Affected Versions: Python versions 3.12 and later. Description: The issue allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory and the modification of some file metadata. This affects users who extract...

CVSS 9.4, AI score 7.8, EPSS 0.01639
Exploits 15, References 253
Positive Technologies
added 2025/06/03 12:00 a.m., 5 views

PT-2025-23609

Name of the Vulnerable Software and Affected Versions: Python versions 3.12 and later. Description: The issue allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory and the modification of some file metadata. This affects users who utilize the...

CVSS 9.4, AI score 7.9, EPSS 0.01639
Exploits 15, References 177
OSV
added 2025/05/15 2:15 p.m., 0 views

AZL-61870 CVE-2025-4516 affecting package python3 for versions less than 3.12.9-2

There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler, your usage is not affected. To work around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

CVSS 5.9, AI score 6.4, EPSS 0.00209
Exploits 0, References 1
Github Security Blog
added 2025/04/27 12:30 a.m., 9 views

markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption...

CVSS 3.3, AI score 7, EPSS 0.0007
Exploits 1, References 5, Affected Software 1
Amazon
added 2025/04/01 12:00 a.m., 17 views

Medium: python

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)...

CVSS 9.8, AI score 7.6, EPSS 0.89361
Exploits 4
Tenable Nessus
added 2025/03/04 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-14647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks...

CVSS 7.5, AI score 6.5, EPSS 0.01247
Exploits 0, References 2
Tenable Nessus
added 2025/03/04 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2013-1665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote...

CVSS 5, AI score 8.3, EPSS 0.02995
Exploits 0, References 2
Tenable Nessus
added 2025/03/04 12:00 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2013-1752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumpti...

AI score 7.1
Exploits 1, References 1
Tenable Nessus
added 2025/03/04 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2021-23336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to We...

CVSS 5.9, AI score 7.2, EPSS 0.003
Exploits 1, References 2
Tenable Nessus
added 2025/03/03 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2010-3493

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outag...

CVSS 5, AI score 7.2, EPSS 0.0192
Exploits 0, References 2