Lucene search

34 matches found

NVD, added yesterday, 6 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

CVSS 8.8
Exploits: 0, References: 5
EUVD, added yesterday, 6 views

EUVD-2026-41089

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

CVSS 8.8, AI score 6.6
Exploits: 0, References: 5
ATTACKERKB, added yesterday, 2 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

CVSS 8.8, AI score 6.6
Exploits: 0, References: 6
Snyk, added 2026/03/03 5:46 p.m., 3 views

Symlink Attack

Overview: bentoml is a "BentoML: Build Production-Grade AI Applications". Affected versions of this package are vulnerable to Symlink Attack in the safeextracttarfile function. An attacker can overwrite arbitrary files on the host filesystem, potentially leading to remote code execution, by crafting ...

CVSS 8.8, AI score 6.1, EPSS 0.00257
Exploits: 1, References: 3
Snyk, added 2026/01/27 10:47 p.m., 3 views

Relative Path Traversal

Overview: @vltpkg/tar is "An extremely limited and very fast tar extractor". Affected versions of this package are vulnerable to Relative Path Traversal via improper sanitization of file paths during the extraction process. An attacker can overwrite arbitrary files on the filesystem by crafting ta...

CVSS 5.9, AI score 6, EPSS 0.0018
Exploits: 0, References: 2
Tenable Nessus, added 2025/10/22 12:00 a.m., 4 views

TencentOS Server 3: python3 (TSSA-2025:0796)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0796 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5, AI score 6.9, EPSS 0.00611
Exploits: 0, References: 2
EUVD, added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-7031

Malicious code in bioql PyPI...

CVSS 7.1, AI score 7, EPSS 0.00293
Exploits: 0, References: 4
EUVD, added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-6946

Malicious code in bioql PyPI...

CVSS 9.1, AI score 8, EPSS 0.01357
Exploits: 1, References: 4
OSV, added 2025/09/17 9:39 a.m., 6 views

CLSA-2025-1758101956 Fix CVE(s): CVE-2025-8194

SECURITY UPDATE: defect in 'tarfile' module leads to infinite loop and deadlock in parsing of maliciously crafted tar archives - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member offsets are non-negative - CVE-2025-8194...

CVSS 7.5, AI score 6.8, EPSS 0.00611
Exploits: 0, References: 1
Tenable Nessus, added 2025/09/01 12:00 a.m., 7 views

Alibaba Cloud Linux 3 : 0147: python3 (ALINUX3-SA-2025:0147)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0147 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-8194: There is a defect in the CPython...

CVSS 7.5, AI score 6.9, EPSS 0.00611
Exploits: 0, References: 2
OSV, added 2025/08/11 3:33 p.m., 2 views

BIT-LIBPYTHON-2025-8194 Tarfile infinite loop during parsing with negative member offset

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS 7.5, AI score 7.1, EPSS 0.00611
Exploits: 0, References: 20
OSV, added 2025/07/28 7:15 p.m., 5 views

CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 13
CNNVD, added 2025/07/28 12:00 a.m., 2 views

CPython security vulnerability

CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython that stems from a malicious tar file that could lead to an infinite loop and deadlock...

CVSS 7.5, AI score 6.6, EPSS 0.00611
Exploits: 0, References: 10
RedHat Linux, added 2025/07/02 6:27 a.m., 4 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

CVSS 7.5, AI score 6.2, EPSS 0.00767
Exploits: 2, References: 10
RedHat Linux, added 2025/07/01 9:13 p.m., 6 views

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

CVSS 5.3, AI score 7.1, EPSS 0.00607
Exploits: 1, References: 11
Veracode, added 2025/06/05 11:03 a.m., 8 views

Path Traversal

Python tarfile module is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during extraction with TarFile.extractall or TarFile.extract when using the filter="data" or filter="tar" parameter, which allows an attacker to craft a malicious tar archive that...

CVSS 9.4, AI score 5.9, EPSS 0.01184
Exploits: 11, References: 16, Affected software: 2
RedhatCVE, added 2025/06/03 2:51 p.m., 12 views

CVE-2024-12718

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters. Mitigation Mitigatio...

CVSS 7.6, AI score 6.6, EPSS 0.00607
Exploits: 1, References: 10
Snyk, added 2025/04/18 3:19 p.m., 4 views

Deserialization of Untrusted Data

Overview: torch is "Tensors and Dynamic neural networks in Python with strong GPU acceleration". Affected versions of this package are vulnerable to Deserialization of Untrusted Data when using the torch.load function on an untrusted model with weights_only=True, which is documented to be secure. Th...

CVSS 9.8, AI score 6.9, EPSS 0.01878
Exploits: 1, References: 2
CNNVD, added 2025/03/27 12:00 a.m., 2 views

tar-fs security vulnerability

tar-fs is a tar-stream file system bundle. A security vulnerability exists in tar-fs versions prior to 1.16.4, prior to 2.1.2, and prior to 3.0.8, which originates from path traversal when decompressing a malicious tar file...

CVSS 7.5, AI score 7.5, EPSS 0.02186
Exploits: 2, References: 4
RedhatCVE, added 2025/03/20 4:24 p.m., 5 views

CVE-2024-7776

A flaw was found in the ONNX framework. This vulnerability allows arbitrary file overwrite via a path traversal attack in malicious tar files. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprisi...

CVSS 8.1, AI score 7, EPSS 0.01357
Exploits: 1, References: 4