143 matches found
CVE-2025-4330
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
CVE-2024-12718
Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
CVE-2025-4330 Extraction filter bypass for linking outside extraction directory
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
CVE-2025-4330
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
Python 安全漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12 and later, which stems from an extract filter that can be ignored a...
Python 安全漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12 and later, which stems from the tarfile module extraction filter...
Python 安全漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12 and later, which stems from an extraction filter that allows...
RHEL 9 : python3.12-cryptography (RHSA-2025:7317)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7317 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
OPENSUSE-SU-2025:15163-1 python312-3.12.10-4.1 on GA media
These are all security issues fixed in the python312-3.12.10-4.1 package on the GA media of openSUSE Tumbleweed...
RHEL 9 : python3.12 (RHSA-2025:7107)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7107 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
RHEL 9 : python3.12 (RHSA-2025:3631)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3631 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
Medium: python3.12
Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...
GHSA-6JR7-XR67-MGXW vulnerabilities
Vulnerabilities for packages: python...
GHSA-6JR7-XR67-MGXW vulnerabilities
Vulnerabilities for packages: python...
[SECURITY] Fedora 40 Update: python3.12-3.12.9-1.fc40
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...
[SECURITY] Fedora 41 Update: python3.12-3.12.9-1.fc41
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
PYSEC-2025-62
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...
GHSA-RM76-4MRF-V9R8 vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
Summary Maliciously constructed prompts can lead to hash collisions, resulting in prefix cache reuse, which can interfere with subsequent responses and cause unintended behavior. Details vLLM's prefix caching makes use of Python's built-in hash function. As of Python 3.12, the behavior of hashNon...
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
Summary Maliciously constructed prompts can lead to hash collisions, resulting in prefix cache reuse, which can interfere with subsequent responses and cause unintended behavior. Details vLLM's prefix caching makes use of Python's built-in hash function. As of Python 3.12, the behavior of hashNon...
Security update for python-requests
This update for python-requests fixes the following issues: Update to 2.32.2 To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed getconnection to a new public API, getconnectionwithtlscontext. Existing custom HTTPAdapters will need to...