959 matches found
Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
GHSA-75PX-35P4-QQ6H Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
CVE-2024-6829
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
CVE-2024-6829 Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
CVE-2024-6829
CVE-2024-6829 affects aimhubio/aim 3.19.3. The vulnerability arises in tarfile.extractall(), allowing an attacker-controlled tarfile to be extracted to arbitrary locations on the host by manipulating repo.path and run_hash. This bypasses directory existence checks and can result in arbitrary file...
Aim security vulnerability
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.19.3, which stems from an unvalidated path to the tarfile.extractall function and could lead to arbitrary file extraction and overwriting...
python3 security update
3.6.8-21.0.3 - Fix DoS parsing crafted tarfile headers Orabug: 37626372 CVE-2024-6232 - Disable test_socket in the PGO profile task...
CLSA-2025-1741125595 python3.9: Fix of CVE-2007-4559
CVE-2007-4559: add security filter in the tarfile module to prevent directory traversal attacks. Introduces the filter parameter; use filter="data" to block unsafe filenames...
CVE-2025-25185 GPT Academic allows arbitrary file read by tarfile uncompress within softlink
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it...
Linux Distros Unpatched Vulnerability : CVE-2007-4559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite...
CLSA-2025-1740645663 python3: Fix of CVE-2007-4559
CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability...
CLSA-2025-1740599937 python3: Fix of CVE-2007-4559
CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability...
CLSA-2025-1740477793 python3.11: Fix of CVE-2024-6232
CVE-2024-6232: fix excessive backtracking in tarfile.TarFile header parsing to address ReDoS vulnerability...
CLSA-2025-1740471603 python3.11: Fix of CVE-2007-4559
CVE-2007-4559: add security filter in the tarfile module to prevent directory traversal attacks. Uses filter="data" by default to block unsafe filenames; set filter="tar" to keep legacy behavior...
Moderate: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values
A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...
CLSA-2025-1740230077 Fix CVE(s): CVE-2024-6232, CVE-2024-6923
SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile header parsing - debian/patches/CVE-2024-6232.patch: Fix header parsing vulnerability that could lead to ReDoS - CVE-2024-6923...
CLSA-2025-1739904482 Fix CVE(s): CVE-2024-6232, CVE-2024-6923
SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile - debian/patches/CVE-2024-6232.patch: Fix header parsing vulnerability that could lead to ReDoS - CVE-2024-6923...