10 matches found
CVE-2026-43637
Cornac before 2.6.0 is affected by a path traversal (Tar Slip) in the _extract_archive() function (cornac/utils/download.py). The vulnerability allows an attacker to write arbitrary files outside the intended cache directory by supplying crafted TAR archives with ../ sequences, absolute paths, or...
EUVD-2026-44669
Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...
CVE-2026-42453
Termix is affected by a command injection in the file-manager.ts endpoints extractArchive and compressFiles due to the use of double-quoted strings for shell construction, enabling $(command) substitution on the remote SSH host. This vulnerability (CVE-2026-42453) can lead to arbitrary command ex...
CVE-2026-42453 Termix: Command injection in extractArchive/compressFiles via double-quote escaping bypass
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
Directory Traversal
Overview gdown is a Google Drive Public File/Folder Downloader Affected versions of this package are vulnerable to Directory Traversal via the extractall function. An attacker can overwrite arbitrary files on the file system by supplying a maliciously crafted ZIP or TAR archive containing path...
CVE-2025-15036 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...
CVE-2025-15036 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...
MLflow Tarfile Path traversal in mlflow/mlflow
Description Vulnerability Report: Unsafe Tar Extraction Path Traversal Due to the lack of path traversal verification in the tar decompression part, it may lead to the possibility of overwriting any file or gaining elevated privileges. This is a non-expected vulnerability. Location File:...
CVE-2023-37460
CVE-2023-37460 affects Plexis Archiver (Plexus Archiver) prior to version 4.8.0. The issue arises when extracting archives with an entry that already exists as a symlink whose target does not exist; resolveFile() returns the symlink source instead of the target, allowing subsequent Files.newOutpu...
CVE-2006-6097
Summary: CVE-2006-6097 affects GNU tar (notably v1.15.1 and v1.16) due to improper handling of GNUTYPE_NAMES symlink records during extraction, enabling a user-assisted attacker to overwrite arbitrary files. Multiple advisories report the issue as a path-traversal vulnerability in tar extraction,...