Lucene search
K

10 matches found

OSV
OSV
added 2026/06/26 7:58 a.m.3 views

OPENSUSE-SU-2026:21066-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues - CVE-2026-53537: multipart/form-data with extended parameters can lead to file or parameter smuggling bsc1268506. - CVE-2026-53538: urlencoded requests containing semicolons can lead to form field smuggling bsc1268496. -...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 7:58 a.m.2 views

SUSE-SU-2026:22372-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues - CVE-2026-53537: multipart/form-data with extended parameters can lead to file or parameter smuggling bsc1268506. - CVE-2026-53538: urlencoded requests containing semicolons can lead to form field smuggling bsc1268496. -...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References9
OSV
OSV
added 2026/06/22 2:55 p.m.1 views

CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/06/15 5:19 p.m.5 views

NPM: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

NPM: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential file smuggling vulnerability discovered by ? in WordPress Npm tar versions = 7.5.15...

6.9CVSS5.8AI score0.00107EPSS
Exploits1References2Affected Software1
RustSec
RustSec
added 2026/05/18 12:0 p.m.19 views

PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.8AI score
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:26 p.m.21 views

astral-tokio-tar is Vulnerable to PAX Header Desynchronization

Impact Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/27 12:0 p.m.8 views

RUSTSEC-2026-0112 PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.3AI score
Exploits0References3
RustSec
RustSec
added 2026/04/27 12:0 p.m.12 views

PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/10/21 12:0 p.m.17 views

`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling

The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...

8.1CVSS6.8AI score0.00688EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/10/21 12:0 p.m.7 views

RUSTSEC-2025-0111 `tokio-tar` parses PAX extended headers incorrectly, allows file smuggling

The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...

8.1CVSS6.8AI score0.00688EPSS
Exploits1References3
Rows per page
Query Builder