5 matches found
CVE-2026-29509
Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...
PT-2026-52897
Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...
GHSA-MVWX-582F-56R7 pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass
Summary The safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level comparison. This allows a specially crafted tar archive to write files outside the intended...
CVE-2026-35592 pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level...
CVE-2026-35592
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level...