2 matches found
CVE-2026-41140
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supporte...
Poetry 路径遍历漏洞
Poetry is an open-source Python tool used for dependency management and packaging. Versions of Poetry prior to 2.3.4 contained a path traversal vulnerability. This vulnerability stemmed from the extractall function failing to provide path traversal protection when extracting sdist tarballs on...