GHSA-MVWX-582F-56R7 pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass

Summary The safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level comparison. This allows a specially crafted tar archive to write files outside the intended...

pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass

Summary The safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level comparison. This allows a specially crafted tar archive to write files outside the intended...

PYSEC-2026-124

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level...

PYSEC-2026-124

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level...

CVE-2026-35592

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level...

CVE-2026-35592 pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level...

PT-2026-30897

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev97 Description pyLoad is a free and open-source download manager written in Python. The safe extractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for path traversal checks,...

dbt-common's commonprefix() doesn't protect against path traversal

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...

GHSA-W75W-9QV4-J5XJ dbt-common's commonprefix() doesn't protect against path traversal

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...

PT-2026-23610

Name of the Vulnerable Software and Affected Versions dbt-common versions prior to 1.34.2 dbt-common versions prior to 1.37.3 Description A path traversal issue exists in the safe extract function of dbt-common when extracting tarball archives. The function uses os.path.commonprefix to validate...

PT-2023-9597 · Starlette +2 · Starlette +2

Name of the Vulnerable Software and Affected Versions: Starlette versions 0.13.5 through 0.27.0 Description: The issue is related to a directory traversal vulnerability in Starlette, which allows a remote unauthenticated attacker to view files in a web service built using Starlette. This is due t...

samPHPweb (db.php commonpath) Remote File Inclusion Vulnerability

No description provided by source. +By CrackersChild+ Script.......: samPHPweb Page.........: http://support.spacialaudio.com/forums/viewforum.php?f=22 & http://www.spacialaudio.com/ Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote File nclu...

samPHPweb (db.php commonpath) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================= samPHPweb db.php commonpath Remote File Inclusion Vulnerability ================================================================= +By CrackersChild+ Script.......: samPHPweb...