2 matches found
CVE-2026-29509 Patool < 4.0.5 Path Traversal via safe_extract() Function
Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...
PT-2026-52897
Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...