47 matches found
CVE-2026-56445 pydicom pynetdicom Library Path Traversal
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...
Astra Linux – Vulnerability in Python 3.11
If the value passed to os.path.expandvars is controlled by the user, there is a possibility of performance degradation when expanding environment variables...
CVE-2026-5422
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling...
EUVD-2026-33905
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling...
CVE-2026-5422
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling...
CVE-2026-5422 Path Traversal in jupyter/jupyter
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling...
CVE-2026-5422
Affected software: jupyter-server 2.17.0. Root cause: path traversal due to an incorrect boundary check in _get_os_path() (uses startswith(root) without trailing separator) and to_os_path() not stripping '..' from path parts. Impact: unauthorized read/write access to files in sibling directories,...
Jupyter Server Security Vulnerability
Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Version 2.17.0 of Jupyter Server contains a security vulnerability. This vulnerability stems from incorrect root directory boundary checks in the _get_os_path function,...
ROS-20260505-73-0020
A vulnerability in the os.path.expandvars function of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ALSA-2026:10950 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RHEL 8 : python3.12 (RHSA-2026:10950)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10950 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
Summary: The executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line 88) for security. This allows exfiltration of secrets stored in environment variabl...
Security update for python311
This update for python311 fixes the following issues: Update to Python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars (bsc#1252974). CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars (bsc#1252974). CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
SUSE-SU-2026:1107-1 Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars (bsc#1252974). - CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
SUSE-SU-2026:1062-1 Security update for python310
This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars (bsc#1252974). - CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
SUSE-SU-2026:20768-1 Security update for python311
This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars (bsc#1252974). - CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
SUSE-SU-2026:20796-1 Security update for python311
This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars (bsc#1252974). - CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
Exploit for Path Traversal in Python Setuptools
CVE-2025-47273: Path Traversal in setuptools.package_index...
CLSA-2026-1773323311 python3.11: Fix of CVE-2025-6075
CVE-2025-6075: fix quadratic complexity in os.path.expandvars...