3 matches found
CVE-2026-41140
Poetry 2.x prior to 2.3.4 is affected by a path-traversal in extractall() for tar archives when tarfile.data_filter is unavailable. Affected Python ranges are 3.10.0–3.10.12 and 3.11.0–3.11.4; the vulnerability could allow writing files outside the extraction directory during sdist handling in po...
Directory Traversal
Overview: poetry is a Python dependency management and packaging tool. Affected versions of this package are vulnerable to Directory Traversal via the extractall function in src/poetry/utils/helpers.py that extracts sdist tarballs without path traversal protection on Python versions where...
Python Code Issue Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python versions 3.11 through 3.11.4, which stems from the presence of unexpecte...