17 matches found
GO-2025-4138 esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh
esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh...
EUVD-2025-7031
Malicious code in bioql PyPI...
EUVD-2024-27857
Malicious code in bioql PyPI...
EUVD-2025-0023
Malicious code in bioql PyPI...
CVE-2024-12216 Arbitrary File Write via TarSlip in dmlc/gluon-cv
A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...
CVE-2024-2914
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...
Path Traversal
github.com/karmada-io/karmada is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within custom resource definition CRD archives, allowing attackers to exploit a TarSlip vulnerability and write arbitrary files to arbitrary locations in the filesystem...
CVE-2024-56514
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...
CVE-2024-56514 Karmada Tar Slips in CRDs archive extraction
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...
CVE-2024-56514 Karmada Tar Slips in CRDs archive extraction
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...
CVE-2024-56514
CVE-2024-56514 describes a TarSlip vulnerability in Karmada prior to v1.12.0 where CRDs downloaded from a filesystem path or HTTP(S) URL could be extracted from a gzipped tarfile and write arbitrary files. The flaw occurs when karmadactl or karmada-operator processes CRD archives during initializ...
PT-2025-1149 · Karmada +1 · Karmada +1
Name of the Vulnerable Software and Affected Versions: Karmada versions prior to 1.12.0 Description: Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. The system is vulnerable to a TarSlip vulnerability,...
GO-2022-0929 Tarslip in go-unarr in github.com/gen2brain/go-unarr
Tarslip in go-unarr in github.com/gen2brain/go-unarr...
CVE-2024-2914 TarSlip Vulnerability in deepjavalibrary/djl
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...
CVE-2024-2914 TarSlip Vulnerability in deepjavalibrary/djl
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...
PT-2024-22759 · Djl · Djl
Name of the Vulnerable Software and Affected Versions: djl version 0.26.0 Description: A TarSlip vulnerability exists in the djl library, allowing an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. This could lead to remote code execution,...
GitHub Security Lab: [python] TarSlip vulnerability improvements
Vulnerability description not provided...