Lucene search
K

10 matches found

OSV
OSV
added 2026/05/26 2:16 a.m.14 views

UBUNTU-CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

9.1CVSS5.8AI score0.0043EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/03/09 9:11 p.m.3 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References2
Debian CVE
Debian CVE
added 2026/03/09 9:11 p.m.6 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS7.5AI score0.00253EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2026/01/29 9:12 p.m.5 views

CVE-2026-24846 malcontent's archive extraction could write outside extraction directory

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...

5.5CVSS5.9AI score0.00167EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 8 : python3.12-3.12.11-1.el8_10 (AXSA:2025-10429:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10429:06 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

9.4CVSS6.7AI score0.01184EPSS
Exploits14References6
OSV
OSV
added 2025/10/03 7:56 p.m.7 views

RLSA-2025:10140 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.6CVSS7.3AI score0.01184EPSS
Exploits14References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/08 5:17 p.m.13 views

Security Bulletin: Multiple security vulnerabilities discovered in RedHat UBI as shipped with IBM Security Verify Directory Server Container

Summary Multiple security vulnerabilities have been addressed in the RedHat UBI container that is shipped with the IBM Security Verify Directory Server Container. Vulnerability Details CVEID:CVE-2024-12718 DESCRIPTION: Allows modifying some file metadata e.g. last modified with filter="data" or...

9.4CVSS8.8AI score0.73495EPSS
Exploits18Affected Software1
SUSE Linux
SUSE Linux
added 2025/07/11 4:3 p.m.7 views

Security update for python36

This update for python36 fixes the following issues: CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory bsc1244056 CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...

8.4CVSS7.7AI score0.01184EPSS
Exploits14References32
RedHat Linux
RedHat Linux
added 2025/07/02 6:27 a.m.150 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2025/07/01 1:23 p.m.44 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
Rows per page
Query Builder