Lucene search
K

16 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/28 7:38 p.m.10 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-29790 DESCRIPTION: dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path...

7.5CVSS6AI score0.0058EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.6 views

CVE-2026-29790

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

5.3CVSS5.7AI score0.00262EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/06 10:54 p.m.4 views

dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by CVE-2026-29790 via dbt-common (=1.36.0)

dbt-common PYPI version =1.36.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbt-common and may be impacted: - dbt-databricks =1.11.1, =1.11.3 Source cves: CVE-2026-29790 Source advisory: SNYK:PYTHON-DBTCOMMON-15440507...

5.3CVSS5.8AI score0.00262EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/06 10:54 p.m.3 views

acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9), airflow-dbt-python (=2.1.0) +49 more potentially affected by CVE-2026-29790 via dbt-common (>=1.0.0b2 <=1.33.0)

dbt-common PYPI version =1.0.0b2, =0.1.7, =0.1.5, =0.21.7, =0.0.1rc1, =0.1.0a1, =1.0.9, =1.8.0, =1.5.2, =1.8.0, =1.8.0, =1.8.15 and more Source cves: CVE-2026-29790 Source advisory: SNYK:PYTHON-DBTCOMMON-15440507...

5.3CVSS5.7AI score0.00262EPSS
Exploits0
Snyk
Snyk
added 2026/03/06 10:54 p.m.1 views

Directory Traversal

Overview dbt-common is a The shared common utilities that dbt-core and adapter implementations use Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can write files outside the intended extraction directory by supplying a malicious...

5.3CVSS6.2AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 9:16 p.m.9 views

CVE-2026-29790

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

5.3CVSS0.00262EPSS
Exploits0References3
CVE
CVE
added 2026/03/06 8:37 p.m.27 views

CVE-2026-29790

dbt-common is affected by CVE-2026-29790 due to a path-traversal vulnerability in safe_extract() that uses os.path.commonprefix() for extraction path validation. Because commonprefix() compares paths character-by-character rather than by path components, a malicious tarball could write files outs...

5.3CVSS5.7AI score0.00262EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 8:37 p.m.3 views

CVE-2026-29790

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

2CVSS5.7AI score0.00262EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 8:37 p.m.2 views

CVE-2026-29790 dbt-common: commonprefix() doesn't protect against path traversal

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

2CVSS5.7AI score0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 8:37 p.m.22 views

CVE-2026-29790 dbt-common: commonprefix() doesn't protect against path traversal

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

2CVSS0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/03/06 8:37 p.m.7 views

CVE-2026-29790 dbt-common: commonprefix() doesn't protect against path traversal

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

2CVSS5.7AI score0.00262EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/05 12:59 a.m.10 views

dbt-common's commonprefix() doesn't protect against path traversal

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...

5.3CVSS6AI score0.00262EPSS
Exploits0References7Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/05 12:59 a.m.5 views

acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9), airflow-dbt-python (=2.1.0) +49 more potentially affected by unknown CVE via dbt-common (>=1.0.0b2 <=1.33.0)

dbt-common PYPI version =1.0.0b2, =0.1.7, =0.1.5, =0.21.7, =0.0.1rc1, =0.1.0a1, =1.0.9, =1.8.0, =1.5.2, =1.8.0, =1.8.0, =1.8.15 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DBTCOMMON-15426567...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/05 12:59 a.m.4 views

dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by unknown CVE via dbt-common (=1.36.0)

dbt-common PYPI version =1.36.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbt-common and may be impacted: - dbt-databricks =1.11.1, =1.11.3 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DBTCOMMON-15426567...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/05 12:59 a.m.5 views

GHSA-W75W-9QV4-J5XJ dbt-common's commonprefix() doesn't protect against path traversal

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...

2CVSS6AI score0.00262EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23610

Name of the Vulnerable Software and Affected Versions dbt-common versions prior to 1.34.2 dbt-common versions prior to 1.37.3 Description A path traversal issue exists in the safe extract function of dbt-common when extracting tarball archives. The function uses os.path.commonprefix to validate...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References14
Rows per page
Query Builder