958 matches found
RockyLinux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:7050)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7050 advisory. python: tarfile module directory traversal (CVE-2007-4559); python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681). Tenable has...
Exploit for CVE-2025-4138
CVE-2025-4138 Python Tarfile module Directory Traversal Vulne...
Exploit for CVE-2025-4517
CVE-2025-4517 Exploit - WingData HTB Overview This exploi...
Exploit for CVE-2025-4138
CVE-2025-4138 — Python tarfile filter="data" Bypass Arbitra...
Exploit for CVE-2025-4517
CVE-2025-4517 / CVE-2025-4330 — Python tarfile Data Filter B...
Exploit for CVE-2025-4517
CVE-2025-4517-poc Here is the updated script as a Proof-of-Co...
Exploit for CVE-2025-4138
CVE-2025-4138 / CVE-2025-4517 Python tarfile Filter Bypass via PA...
Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4138)
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
Siemens SCALANCE and RUGGEDCOM Incorrect Calculation (CVE-2025-4435)
When using a TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped. This plug...
Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4517)
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of data or...
Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2024-12718)
Allows modifying some file metadata (e.g. last modified) with filter=data or file permissions (chmod) with filter=tar of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4330)
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
BIT-PYTHON-MIN-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
BIT-PYTHON-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2026-1192)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2026-1141)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2026-1141)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar...
EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2026-1192)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar...
ROS-20260129-73-0016
A vulnerability in the tarfile module of the Python Programming Language Interpreter CPython relates to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially crafted tar...
SUSE-SU-2026:0210-1 Security update for python3
This update for python3 fixes the following issues: Security fixes: - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' bsc1244032 - CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc12440...