Lucene search
K

101 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-259 Aim External Control of File Name or Path vulnerability

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

9.1CVSS7.5AI score0.0081EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:14 a.m.5 views

BIT-PYTHON-MIN-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:14 a.m.5 views

BIT-PYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
NVD
NVD
added 2026/06/24 8:16 p.m.7 views

CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS0.00404EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2026-11940

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS0.00613EPSS
Exploits0References8
OSV
OSV
added 2026/06/23 4:4 p.m.6 views

PSF-2026-30

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/23 4:4 p.m.6 views

CVE-2026-11940

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.8AI score0.00613EPSS
Exploits0
EUVD
EUVD
added 2026/06/23 4:4 p.m.5 views

EUVD-2026-38490

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS6.6AI score0.00805EPSS
Exploits2References7
CVE
CVE
added 2026/06/23 4:4 p.m.59 views

CVE-2026-11940

CVE-2026-11940 concerns tarfile.extractall() in Python’s tarfile handling where a crafted archive can bypass the filter for data/tar and cause a symlink outside the destination directory to be created by abusing a hardlink referencing a deeper symlink. The extraction fallback validates the symlin...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/19 7:21 p.m.5 views

Symlink Attack

Overview py7zr is a Pure python 7-zip library Affected versions of this package are vulnerable to Symlink Attack in the extractall method. An attacker can overwrite arbitrary files on the host system by crafting malicious archives containing symbolic link chains that escape the intended extractio...

8.6CVSS6.3AI score0.00404EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51047

Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...

8CVSS6.3AI score0.00404EPSS
Exploits0References11
OSV
OSV
added 2026/06/08 8:13 a.m.9 views

BIT-PYTHON-MIN-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.4AI score0.00622EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/04 2:21 p.m.77 views

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS0.00622EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Python 安全漏洞

Python is an open-source, object-oriented programming language developed by the Python Foundation. This language features extensibility, support for modules and packages, and compatibility with multiple platforms. There are security vulnerabilities in Python, where the tarfile.datafilter can be...

6.9CVSS5.3AI score0.00622EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Python 3.11

It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...

7.5CVSS6.4AI score0.01109EPSS
Exploits7References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.16 views

PT-2026-41317

Name of the Vulnerable Software and Affected Versions Microsoft APM versions prior to 0.13.0 Description Microsoft APM contains a Windows-specific archive extraction boundary failure affecting users on Python 3.10 and 3.11 runtimes. When the apm install command is provided with a local .tar.gz fi...

5.5CVSS5.9AI score0.0061EPSS
Exploits0References7
OSV
OSV
added 2026/05/11 1:59 p.m.5 views

GHSA-9Q28-GHCR-C4X3 PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

Summary The safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate member.linkname, does not reject symlink/hardlink members, and calls...

8.7CVSS6AI score0.00433EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/11 1:59 p.m.13 views

PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

Summary The safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate member.linkname, does not reject symlink/hardlink members, and calls...

8.7CVSS6AI score0.00433EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/05/08 4:31 p.m.10 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.7CVSS6.3AI score0.00433EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/08 1:38 p.m.9 views

CVE-2026-44340 PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...

8.7CVSS5.9AI score0.00433EPSS
Exploits1References1
Rows per page
Query Builder