394 matches found
GHSA-4RX4-4R3X-6534 PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
Summary PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...
PT-2026-30765
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives using tar.extractall without validating archive member paths before extraction. A malicious publisher can...
USN-8139-1 rust-cargo-c vulnerability
It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...
EUVD-2025-209119
A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...
GHSA-VHCX-3PQ2-4FVC MLFlow path traversal vulnerability
A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...
CVE-2025-15036
A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...
CVE-2025-15036
A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...
CVE-2025-15036 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...
CVE-2025-15036 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...
PT-2026-28273
Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.7.0 Description A path traversal issue exists in the extract archive to dir function within the mlflow/pyfunc/dbconnect artifact cache.py file of the mlflow/mlflow repository. The issue is due to insufficient...
Directory Traversal
Keras is vulnerable to Directory Traversal. The vulnerability is due to unsafe extraction of tar archives in keras.utils.getfile without proper filtering during extraction, which allows an attacker to bypass path validation and write files outside the intended directory...
BIT-JENKINS-2026-33001
Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running...
Security Bulletin: Symlink Traversal Vulnerability in pip Tar Extraction Fallback on Pre-PEP 706 Python Versions, watsonx.data
Summary A vulnerability in pip allows improper handling of symbolic links during tar extraction on older Python versions without PEP 706, potentially leading to path traversal outside the intended directory; updating pip and Python mitigates the risk. This can affect watsonx.data. Vulnerability...
CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
CVE-2026-33001
A flaw was found in Jenkins. This vulnerability allows attackers with Item/Configure permission, or those who can control agent processes, to exploit unsafe handling of symbolic links during the extraction of .tar and .tar.gz archives. By crafting malicious archives, an attacker can write files t...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the extraction process of tar archives due to improper validation of archive entry paths. An attacker can overwrite arbitrary files on the filesystem by supplying a crafted tar.gz file containing directory travers...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1640)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...
CVE-2025-15031 Path Traversal Vulnerability in mlflow/mlflow
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...
UNIX Symbolic Link (Symlink) Following
Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during the extraction of .tar and .tar.gz archives when symbolic links are present. An attacker can create or overwrite arbitrary...