Lucene search

18 matches found

OSV
added 2026/03/06 8:37 p.m., 5 views

CVE-2026-29790 dbt-common: commonprefix() doesn't protect against path traversal

dbt-common is the shared common utilities that dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

CVSS 2, AI score 5.7, EPSS 0.00262
Exploits 0, References 5
ATTACKERKB
added 2026/03/06 8:37 p.m., 2 views

CVE-2026-29790

dbt-common is the shared common utilities that dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

CVSS 2, AI score 5.7, EPSS 0.00262
Exploits 0, References 4, Affected software 1
Cvelist
added 2026/03/06 8:37 p.m., 19 views

CVE-2026-29790 dbt-common: commonprefix() doesn't protect against path traversal

dbt-common is the shared common utilities that dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

CVSS 2, EPSS 0.00262
Exploits 0, References 3
CNNVD
added 2026/03/06 12:00 a.m., 4 views

dbt-common path traversal vulnerability

dbt-common is a publicly available utility library developed by dbt Labs as part of its open-source data build tool. Versions of dbt-common prior to 1.34.2 and 1.37.3 contained a path traversal vulnerability. This vulnerability stemmed from the safeextract function using os.path.commonprefix for path...

CVSS 5.3, AI score 5.8, EPSS 0.00262
Exploits 0, References 4
Snyk
added 2026/03/05 12:59 a.m., 2 views

Directory Traversal

Overview: dbt-common is the shared common utilities that dbt-core and adapter implementations use. Affected versions of this package are vulnerable to Directory Traversal in the safeextract process. An attacker can write files to unintended sibling directories by crafting a malicious tarball that...

CVSS 2.6, AI score 6.2
Exploits 0, References 2
RedhatCVE
added 2026/01/14 9:18 p.m., 5 views

CVE-2026-22871

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVSS 9.8, AI score 7.5, EPSS 0.00946
Exploits 0, References 1
Snyk
added 2026/01/13 9:54 p.m., 1 view

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: GuardDog is a CLI tool to identify malicious PyPI packages. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the safeextract function. An attacker can exhaust disk space and disrupt services by submitting ...

CVSS 7.5, AI score 6.8, EPSS 0.00431
Exploits 1, References 2
OSV
added 2026/01/13 9:54 p.m., 3 views

GHSA-FFJ4-JQ7M-9G6V GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

Summary: GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data...

CVSS 7.1, AI score 5.5, EPSS 0.00431
Exploits 1, References 4
Github Security Blog
added 2026/01/13 9:54 p.m., 8 views

GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

Summary: GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data...

CVSS 7.5, AI score 6.8, EPSS 0.00431
Exploits 1, References 4, Affected software 1
Cvelist
added 2026/01/13 8:46 p.m., 22 views

CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVSS 8.7, EPSS 0.00946
Exploits 0, References 2
CVE
added 2026/01/13 8:43 p.m., 13 views

CVE-2026-22870

GuardDog vulnerability CVE-2026-22870 affects the GuardDog CLI. The safe_extract() function does not validate decompressed sizes when extracting ZIP archives (e.g., wheels/eggs), enabling denial-of-service via zip bombs that can exhaust disk space from a small compressed payload. The issue is fix...

CVSS 7.5, AI score 6.3, EPSS 0.00431
Exploits 1, References 2, Affected software 1
Cvelist
added 2026/01/13 8:43 p.m., 23 views

CVE-2026-22870 GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

CVSS 7.1, EPSS 0.00431
Exploits 1, References 2
Veracode
added 2025/11/27 6:32 a.m., 6 views

Path Traversal

clearml is vulnerable to Path Traversal. The vulnerability is due to improper handling of symbolic and hard links in the safeextract function, which allows an attacker to write files outside the intended directory and potentially achieve remote code execution...

CVSS 5.8, AI score 8.2, EPSS 0.00269
Exploits 0, References 5, Affected software 1
OSV
added 2025/10/05 12:30 p.m., 3 views

GHSA-579P-QF78-FQM2 clearml is vulnerable to Path Traversal through its `safe_extract` function

A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...

CVSS 5.8, AI score 6.7, EPSS 0.00269
Exploits 0, References 4
Cvelist
added 2025/10/05 10:21 a.m., 8 views

CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...

CVSS 5.8, EPSS 0.00269
Exploits 0, References 2
Vulnrichment
added 2025/10/05 10:21 a.m., 2 views

CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...

CVSS 5.8, AI score 7.9, EPSS 0.00269
Exploits 0, References 2
CVE
added 2025/10/05 10:21 a.m., 10 views

CVE-2025-8917

Path traversal vulnerability in allegroai/clearml v2.0.1 due to unsafe handling of symbolic and hard links in safe_extract. This can lead to arbitrary file writes outside the target directory and potentially remote code execution if critical files are overwritten. Remediation per multiple sources...

CVSS 5.8, AI score 6.8, EPSS 0.00269
Exploits 0, References 2
CNNVD
added 2025/10/05 12:00 a.m., 5 views

clearml security vulnerability

clearml is a large-model pipeline tool from the individual developer allegroai. A security vulnerability exists in clearml version v2.0.1, stemming from improper handling of symbolic links and hard links by the safeextract function, which could lead to arbitrary file writes and remote code executi...

CVSS 5.8, AI score 6.5, EPSS 0.00269
Exploits 0, References 2