Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...

2CVSS6AI score0.00304EPSS
Exploits0References3
CVE
CVE
added 6 days ago8 views

CVE-2026-4360

CVE-2026-4360 affects Python’s tarfile module, where TarFile.extract() fails to propagate the filter parameter for hardlinks, allowing extraction from untrusted tar archives to write files with unexpected uid/gid even when filter='data' is requested. The issue is documented in CPython commits/iss...

2CVSS5.8AI score0.00304EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/16 2:33 p.m.27 views

Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability

Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability exists in the...

6.2CVSS5.6AI score0.00388EPSS
Exploits0References5Affected Software3
RedHat Linux
RedHat Linux
added 2025/12/18 1:35 a.m.5 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS7.3AI score0.01109EPSS
Exploits7References10
Veracode
Veracode
added 2025/12/13 7:44 a.m.7 views

Path Traversal

Keras is vulnerable to path traversal. The vulnerability is due to the keras.utils.getfile API using Python’s tarfile.extractall without the filter="data" protection when extracting tar archives, which allows a remote attacker to craft a malicious archive with symlinks and write arbitrary files...

8.9CVSS5.9AI score0.00593EPSS
Exploits0References7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:44 p.m.11 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to extraction filter issues due to the python package (CVE-2025-4330, CVE-2025-4435)

Summary Python is used by DataStage on Cloud Pak for Data as part of general processing functionality. Vulnerability Details CVEID:CVE-2025-4330 DESCRIPTION: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of so...

7.5CVSS7.8AI score0.00767EPSS
Exploits2Affected Software1
Redos
Redos
added 2025/08/19 12:0 a.m.7 views

ROS-20250819-06

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...

9.4CVSS5.9AI score0.01184EPSS
Exploits11
OSV
OSV
added 2025/08/11 1:52 p.m.6 views

BIT-LIBPYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS8AI score0.00607EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2025/07/08 11:17 a.m.6 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2025/07/07 4:21 p.m.6 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
Rows per page
Query Builder