Lucene search

4 matches found

Positive Technologies
added 2026/05/26 12:00 a.m., 10 views

PT-2026-43163

Name of the Vulnerable Software and Affected Versions: Archive::Tar versions prior to 3.08. Description: Archive::Tar for Perl allows the extraction of hardlinks to attacker-controlled paths outside the intended extraction directory. The function _make_special_file passes the tar header's linkname to...

7.5 CVSS | 5.4 AI score | 0.00405 EPSS
Exploits: 0 | References: 17
Vulnrichment
added 2023/09/21 7:35 a.m., 11 views

CVE-2023-4760 Remote Code Execution in Eclipse RAP on Windows

In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this...

7.6 CVSS | 7.5 AI score | 0.01041 EPSS
Exploits: 1 | References: 2
CNVD
added 2023/04/24 12:00 a.m., 10 views

MindsDB path traversal vulnerability (CNVD-2023-32764)

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A path traversal vulnerability exists in MindsDB version v23.1.5.0 and prior versions, which stems from performing an insecure extraction from a remotely retrieved tarball using tarfile.extractall, resulting in writing t...

7.5 CVSS | 6.4 AI score | 0.01 EPSS
Exploits: 1 | References: 1
CNNVD
added 2023/04/21 12:00 a.m., 3 views

MindsDB Path Traversal Vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A path traversal vulnerability exists in MindsDB version v23.1.5.0 and prior versions, which stems from performing an insecure extraction from a remotely retrieved tarball using tarfile.extractall, resulting in writing t...

7.5 CVSS | 6.5 AI score | 0.01 EPSS
Exploits: 1 | References: 4