15 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-41140
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path...
CVE-2026-41140
A flaw was found in Poetry, a dependency manager for Python. This vulnerability allows a remote attacker to perform a path traversal attack. By crafting a malicious software package, the extractall function in Poetry can be tricked into writing files to unintended locations on the system. This...
GHSA-76HW-P97H-883F gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
Summary The gdown library tested on v5.2.1 is vulnerable to a Path Traversal attack within its extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allow files to be written outside...
gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
Summary The gdown library tested on v5.2.1 is vulnerable to a Path Traversal attack within its extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allow files to be written outside...
BIT-PYTHON-MIN-2007-4559
Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
BIT-PYTHON-2007-4559
Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
ROS-20250819-05
Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-2663)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote...
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...
PT-2022-27330 · Py7Zr +2 · Py7Zr +2
Name of the Vulnerable Software and Affected Versions: py7zr versions 0.20.0 and earlier Description: A directory traversal issue in the SevenZipFile.extractall function allows attackers to write arbitrary files by extracting a crafted 7z file. Recommendations: For py7zr versions 0.20.0 and...
AZL-6828 CVE-2007-4559 affecting package python3 for versions less than 3.9.19-1
Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
AZL-6822 CVE-2007-4559 affecting package python2 for versions less than 2.7.18-8
Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
PSF-2007-2 Directory path traversal in extract() and extractall() tarfile functions via '..' (dot dot) sequences
Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...