2 matches found
GHSA-7X45-PHMR-9WQP Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...
OS Command Injection
Ansible is vulnerable to OS command injection. The attack is possible because the module nxosfilecopy does not validate the remotefile parameter and directly uses the filenames from the parameter to copy files to a flash or bootflash on NXOS devices, allowing an attacker to inject malicious comma...