Lucene search
+L

397 matches found

CVE
CVE
added yesterday31 views

CVE-2026-50163

The CVE concerns the oras-go library (OCI artifacts) prior to version 2.6.2, where ensureLinkPath in content/file/utils.go can return an unresolved hardlink target. During tar extraction, a hardlink entry with a relative Linkname could be resolved against the process CWD, allowing a path like pay...

7.1CVSS5.3AI score
Exploits0References4
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-12482 Path Traversal via Symlink Name Validation Bypass in keras-team/keras

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...

3.1CVSS0.00301EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-12482

CVE-2026-12482 affects keras-team/keras v3.12.0. A path-traversal issue arises in tar extraction: symlink entries bypass the is_path_in_dir validation used for regular files in keras/src/utils/file_utils.py due to imperfect filter_safe_tarinfos. This allows crafting a malicious tar to place or re...

3.1CVSS6.1AI score0.00301EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43554

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-62239 FlashAttention Symlink Attack via tarfile.extractall in hopper/setup.py

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS0.00129EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-62239

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:32 p.m.7 views

CVE-2026-58198

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/07/09 6:32 p.m.31 views

CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS0.00095EPSS
Exploits0References4
CVE
CVE
added 2026/07/09 6:32 p.m.14 views

CVE-2026-58198

ChatterBot (Python) vulnerability CVE-2026-58198: UbuntuCorpusTrainer.extract() uses a predictable home path (~/.ubuntu_data/ubuntu_dialogs) with a check-then-create pattern, then tar.extractall(path=self.data_path). An attacker who pre-places a symlink at that path can cause archived contents to...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 6:32 p.m.3 views

CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS6.1AI score0.00095EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/01 9:48 p.m.4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/07/01 9:48 p.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 2026/07/01 9:48 p.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/01 9:48 p.m.5 views

GHSA-FXHP-MV3V-67QP `oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution

Root cause The tar-extraction helper ensureLinkPath at content/file/utils.go:262-275 validates that a hardlink's target resolves inside the extract base, but then returns the original unresolved target string back to the caller: go func ensureLinkPathbaseAbs, baseRel, link, target string string,...

7.1CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/01 9:48 p.m.7 views

`oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution

Root cause The tar-extraction helper ensureLinkPath at content/file/utils.go:262-275 validates that a hardlink's target resolves inside the extract base, but then returns the original unresolved target string back to the caller: go func ensureLinkPathbaseAbs, baseRel, link, target string string,...

7.1CVSS6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-425 MLFlow path traversal vulnerability

A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...

9.6CVSS7.5AI score0.00587EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/29 4:49 a.m.14 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1CVSS5.9AI score0.0043EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/26 4:23 p.m.10 views

EUVD-2026-39804

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS5.9AI score0.00289EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 6:28 p.m.9 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 5:32 p.m.11 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
Rows per page
Query Builder