11 matches found
EUVD-2002-0396
Malware in sbrugna...
Medium: python
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-924)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-924 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence...
Amazon Linux 2 : python38-pip (ALASPYTHON3.8-2025-018)
The version of python38-pip installed on the remote host is prior to 21.0.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2025-018 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows...
Archive-Tar-Minitar Directory Traversal Vulnerability
Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. dot dot in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis...
CVE-2007-4559
Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
Directory traversal
Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
CVE-2001-1267
The CVE-2001-1267 entry describes a directory traversal in GNU tar
CVE-2001-1267
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. dot dot...
RHEL 2.1 : unzip (RHSA-2002:138)
The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. The unzip and tar utilities are used for dealing with archives, which are multiple files stored inside of a single file. A directory traversal vulnerability in unzip...
CVE-2002-0399
CVE-2007-4559 is a directory traversal vulnerability in the tarfile module of Python, allowing a tar archive containing a .. sequence to overwrite arbitrary files during extraction. The issue is referenced in multiple Nessus advisories (e.g., Alibaba Cloud Linux 3 advisory ALINUX3-SA-2024:0040 an...