Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/02/20 4:29 p.m.4 views

CVE-2026-26960

A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the...

7.1CVSS5.5AI score0.00288EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2026/01/22 9:7 a.m.8 views

Security update for python3

This update for python3 fixes the following issues: Security fixes: CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter="data" bsc1244032 CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc1244060...

8.4CVSS7.2AI score0.27095EPSS
Exploits16References26
RedHat Linux
RedHat Linux
added 2025/12/18 1:35 a.m.5 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS7.3AI score0.01109EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2025/07/08 11:17 a.m.7 views

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

5.3CVSS7.1AI score0.00607EPSS
Exploits1References11
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.4 views

yaffshiv 路径遍历漏洞

yaffshiv is a simple YAFFS filesystem parser and extractor from the devttys0 personal developer. A security vulnerability exists in yaffshiv. An attacker can exploit this vulnerability to write arbitrary files outside of the extraction directory by crafting a malicious YAFFS file...

5.5CVSS6AI score0.00354EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2019/03/01 12:0 a.m.6 views

The vulnerability of the unacev2.dll library of the WinRAR file compressor allows attackers to deploy malicious files outside the extraction directory.

The vulnerability of the unacev2.dll file archiver in WinRAR is related to insufficient checking of the file name field during extraction. Exploiting this vulnerability allows a remote attacker to place malicious files outside the extraction directory, using a specially crafted ACE archive...

7.8CVSS6.2AI score0.31528EPSS
Exploits1References5
Rows per page
Query Builder