Lucene search
+L

53 matches found

pypa
pypa
added 2023/04/21 9:15 p.m.7 views

PYSEC-2023-27

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

7.5CVSS6.5AI score0.01EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2023/04/21 8:11 p.m.39 views

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

7.5CVSS7.6AI score0.01EPSS
Exploits1References3
osv
osv
added 2023/03/30 8:16 p.m.74 views

GHSA-7X45-PHMR-9WQP Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...

8.5CVSS8.7AI score0.00883EPSS
Exploits1References7
github
github
added 2023/03/30 8:16 p.m.23 views

Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...

8.8CVSS8.6AI score0.00883EPSS
Exploits1References7Affected Software1
nvd
nvd
added 2023/03/30 7:15 p.m.36 views

CVE-2022-23522

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.8CVSS8.5AI score0.00883EPSS
Exploits1References1
prion
prion
added 2023/03/30 7:15 p.m.18 views

Design/Logic Flaw

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

6.5CVSS8.6AI score0.00883EPSS
Exploits1References1Affected Software1
osv
osv
added 2023/03/30 7:15 p.m.33 views

PYSEC-2023-26

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.8CVSS8.8AI score0.00883EPSS
Exploits1References1
cve
cve
added 2023/03/30 6:4 p.m.65 views

CVE-2022-23522

CVE-2022-23522 concerns MindsDB, where unsafe extraction via shutil.unpack_archive() from remotely retrieved tarballs may write files outside the intended directory (TarSlip/ZipSlip variant). The underlying issue: validating destination paths during archive extraction is insufficient, enabling cr...

8.8CVSS8.6AI score0.00883EPSS
Exploits1References1Affected Software1
osv
osv
added 2023/03/30 6:4 p.m.23 views

CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.5CVSS8.4AI score0.00883EPSS
Exploits1References3
cvelist
cvelist
added 2023/03/30 6:4 p.m.38 views

CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.5CVSS8.8AI score0.00883EPSS
Exploits1References1
hackerone
hackerone
added 2023/03/21 8:33 p.m.49 views

GitHub Security Lab: [ruby]: ZipSlip/TarSlip vulnerability detection

Vulnerability description not provided...

7.1AI score
Exploits0
hackerone
hackerone
added 2022/11/16 3:30 a.m.17 views

GitHub Security Lab: [python] TarSlip vulnerability improvements

Vulnerability description not provided...

7.1AI score
Exploits0
github
github
added 2021/09/01 6:32 p.m.41 views

Tarslip in go-unarr

unarr.go in go-unarr aka Go bindings for unarr 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive...

10CVSS8.9AI score0.02111EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder