Lucene search
K

9 matches found

OSV
OSV
added 2026/06/26 7:58 a.m.3 views

OPENSUSE-SU-2026:21066-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues - CVE-2026-53537: multipart/form-data with extended parameters can lead to file or parameter smuggling bsc1268506. - CVE-2026-53538: urlencoded requests containing semicolons can lead to form field smuggling bsc1268496. -...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 7:58 a.m.2 views

SUSE-SU-2026:22372-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues - CVE-2026-53537: multipart/form-data with extended parameters can lead to file or parameter smuggling bsc1268506. - CVE-2026-53538: urlencoded requests containing semicolons can lead to form field smuggling bsc1268496. -...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/15 5:19 p.m.4 views

NPM: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

NPM: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential file smuggling vulnerability discovered by ? in WordPress Npm tar versions = 7.5.15...

6.9CVSS5.8AI score0.00107EPSS
Exploits1References2Affected Software1
RustSec
RustSec
added 2026/05/18 12:0 p.m.18 views

PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.8AI score
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:26 p.m.21 views

astral-tokio-tar is Vulnerable to PAX Header Desynchronization

Impact Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/27 12:0 p.m.8 views

RUSTSEC-2026-0112 PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.3AI score
Exploits0References3
RustSec
RustSec
added 2026/04/27 12:0 p.m.12 views

PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/10/21 12:0 p.m.17 views

`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling

The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...

8.1CVSS6.8AI score0.00688EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/10/21 12:0 p.m.6 views

RUSTSEC-2025-0111 `tokio-tar` parses PAX extended headers incorrectly, allows file smuggling

The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...

8.1CVSS6.8AI score0.00688EPSS
Exploits1References3
Rows per page
Query Builder