Lucene search
K

36 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-29509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12,...

5.4CVSS6.1AI score0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:16 p.m.4 views

DEBIAN-CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 7:31 p.m.7 views

EUVD-2026-39879

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:31 p.m.6 views

CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References4
CVE
CVE
added 2026/06/26 7:31 p.m.23 views

CVE-2026-29509

Patool before 4.0.5 is vulnerable to a path traversal in the safe_extract() function (patoolib/programs/py_tarfile.py). The is_within_directory() helper uses character-level comparison via os.path.commonprefix(), not path-level checks, allowing a crafted archive member path to bypass containment ...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52897

Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 1:38 p.m.1 views

CVE-2026-44340 PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...

8.7CVSS6AI score0.00433EPSS
Exploits1References3
OSV
OSV
added 2026/04/10 7:27 p.m.1 views

GHSA-99G3-W8GR-X37C PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`

| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmdunpack in the recipe CLI extracts .praison tar archives using raw...

9.4CVSS6AI score0.00379EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.6 views

CVE-2026-29790

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

5.3CVSS5.7AI score0.00262EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/06 10:54 p.m.1 views

Directory Traversal

Overview dbt-common is a The shared common utilities that dbt-core and adapter implementations use Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can write files outside the intended extraction directory by supplying a malicious...

5.3CVSS6.2AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 9:16 p.m.9 views

CVE-2026-29790

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

5.3CVSS0.00262EPSS
Exploits0References3
CVE
CVE
added 2026/03/06 8:37 p.m.23 views

CVE-2026-29790

dbt-common is affected by CVE-2026-29790 due to a path-traversal vulnerability in safe_extract() that uses os.path.commonprefix() for extraction path validation. Because commonprefix() compares paths character-by-character rather than by path components, a malicious tarball could write files outs...

5.3CVSS5.7AI score0.00262EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 8:37 p.m.2 views

CVE-2026-29790 dbt-common: commonprefix() doesn't protect against path traversal

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

2CVSS5.7AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 12:59 a.m.5 views

GHSA-W75W-9QV4-J5XJ dbt-common's commonprefix() doesn't protect against path traversal

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...

2CVSS6AI score0.00262EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/05 12:59 a.m.9 views

dbt-common's commonprefix() doesn't protect against path traversal

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...

5.3CVSS6AI score0.00262EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.7 views

PT-2026-23610

Name of the Vulnerable Software and Affected Versions dbt-common versions prior to 1.34.2 dbt-common versions prior to 1.37.3 Description A path traversal issue exists in the safe extract function of dbt-common when extracting tarball archives. The function uses os.path.commonprefix to validate...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References14
OSV
OSV
added 2026/03/03 5:46 p.m.3 views

GHSA-M6W7-QV66-G3MF BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction

Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...

8.6CVSS6.5AI score0.00257EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/03 5:46 p.m.4 views

Symlink Attack

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Symlink Attack in the safeextracttarfile function. An attacker can overwrite arbitrary files on the host filesystem, potentially leading to remote code execution, by crafting ...

8.8CVSS6.1AI score0.00257EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.8 views

BentoML 后置链接漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.36, there was a post-link vulnerability. This vulnerability stemmed from the safeextracttarfile function,...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/13 9:54 p.m.6 views

Directory Traversal

Overview guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can overwrite arbitrary files and potentially execute code by crafting a malicious archive with path...

9.8CVSS7.7AI score0.00946EPSS
Exploits0References2
Rows per page
Query Builder