16 matches found
GHSA-3363-2PH6-35WH Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
Summary: A path traversal vulnerability exists in Pipecat's development runner `src/pipecat/runner/run.py`. When the runner is started with the `--folder` flag, it exposes a `GET /files/{filename:path}` download endpoint. The `filename` path parameter is concatenated directly onto `args.folder` with no...
Malicious code in pathlib-v2-utility (PyPI)
Source: kam193 c8dc8b60e188fb941aeb9f5b6207d2c0fcab27719a142558498bf72d1602d992 Disguised as a file system manipulation library, the package hides obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
MAL-2026-697 Malicious code in pathlib-v2-utility (PyPI)
Source: kam193 c8dc8b60e188fb941aeb9f5b6207d2c0fcab27719a142558498bf72d1602d992 Disguised as a file system manipulation library, the package hides obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
Path Traversal
Copier is vulnerable to Path Traversal. The vulnerability is due to exposing unconstrained pathlib.Path objects in the Jinja context, which allows an attacker to read and write arbitrary files on the filesystem...
Copier's safe template has arbitrary filesystem read/write access
Impact: Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using `{% include ... %}`, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...
GHSA-3XW7-V6CJ-5Q8H Copier's safe template has arbitrary filesystem read/write access
Impact: Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using `{% include ... %}`, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...
Arbitrary File Read/Write
Overview: copier is a library for rendering project templates. Affected versions of this package are vulnerable to Arbitrary File Read/Write via the exposure of `pathlib.Path` objects in the Jinja context, which have unconstrained I/O methods. An attacker can access or modify arbitrary files on t...
Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (python-zipp) security update
An update for python-zipp is now available for Red Hat OpenStack Platform (RHOSP) 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Fedora: Security Advisory (FEDORA-2024-c678f46845)
The remote host is missing an update for the...
The vulnerability of the jaraco/zipp library, which is compatible with the pathlib API of the Zipfile library, allows an attacker to cause a service failure.
The vulnerability of the jaraco/zipp library, which is compatible with the pathlib API of the Zipfile library, relates to the processing of specially created zip files. This can lead to an infinite loop. Exploiting this vulnerability could allow an attacker to cause a service failure...
OESA-2024-1889 python-zipp security update
A pathlib-compatible Zipfile object wrapper. A backport of the Path object. Security Fixes: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an...
[SECURITY] Fedora 39 Update: python-zipp-3.16.2-3.fc39
A pathlib-compatible Zipfile object wrapper. A backport of the Path object...
[SECURITY] Fedora 40 Update: python-zipp-3.17.0-4.fc40
A pathlib-compatible Zipfile object wrapper. A backport of the Path object...
USN-6906-1: python-zipp vulnerability
It was discovered that python-zipp did not properly handle zip files with malformed names. An attacker could possibly use this issue to cause a denial of service...
ROS-20240719-03
A vulnerability in the jaraco/zipp library, a pathlib-compatible Zipfile object wrapper, is related to the processing of specially crafted zip files, resulting in an infinite loop. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
HT Editor 2.0.18 - File Opening Stack Overflow
HT Editor 2.0.18 - File Opening Stack Overflow Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: Thanks =cut use 5.010; my $esp, $retaddr; my $scz =...