Lucene search
K

53 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 2:36 a.m.7 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1CVSS5.9AI score0.0043EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/26 8:32 p.m.26 views

CVE-2026-54352 Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload

Budibase is an open-source low-code platform. Prior to 3.39.9, POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, open...

9.6CVSS0.00494EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 4:44 p.m.9 views

EUVD-2026-39812

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

8.6CVSS5.9AI score0.00346EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:44 p.m.7 views

CVE-2026-56876

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

8.6CVSS5.9AI score0.00346EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/26 4:44 p.m.36 views

CVE-2026-56876 extract-zip unvalidated symlink path traversal

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

8.6CVSS0.00346EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/26 4:44 p.m.6 views

CVE-2026-56876

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

8.6CVSS5.9AI score0.00346EPSS
Exploits1
ICS
ICS
added 2026/06/26 4:8 p.m.8 views

extract-zip unvalidated symlink path traversal

RISK EVALUATION extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the...

8.6CVSS5.9AI score0.00346EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.11 views

SUSE CVE-2026-48855

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in sshsftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...

2.3CVSS5.3AI score0.00277EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 2:35 p.m.29 views

CVE-2026-48855

Summary: CVE-2026-48855 affects Erlang OTP ssh_sftpd. An authenticated SFTP client can create a symlink inside a chroot that points to the filesystem root; when reading the link via SSH_FXP_READLINK, ssh_sftpd exposes the absolute backend root path (and any symlink targets) instead of the chroote...

6.5CVSS5.5AI score0.00277EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48463

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 29.0.1 Erlang OTP versions prior to 28.5.0.2 Erlang OTP versions prior to 27.3.4.13 Description An issue in the ssh sftpd module allows for file discovery through the exposure of sensitive information. The SSH...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/05/26 3:55 a.m.13 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/26 12:17 a.m.13 views

CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

9.1CVSS5.8AI score0.0043EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Pear Archive_Tar 安全漏洞

Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...

9.1CVSS5.8AI score0.0043EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/21 9:54 p.m.16 views

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

9.6CVSS6.6AI score0.00482EPSS
Exploits0References5Affected Software4
OSV
OSV
added 2026/05/11 1:59 p.m.5 views

GHSA-9Q28-GHCR-C4X3 PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

Summary The safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate member.linkname, does not reject symlink/hardlink members, and calls...

8.7CVSS6AI score0.00433EPSS
Exploits1References3
OSV
OSV
added 2026/04/27 8:35 p.m.11 views

JLSEC-2026-279 Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata

tl;dr: unprivileged user creates a symlink to /etc/sudoers, /etc/shadow or similar and waits for a privileged user or process to copy/backup/mirror users data using --links and --metadata. unprivileged user now owns /etc/sudoers. Summary Insecure handling of symlinks with --links and --metadata i...

5.4CVSS5.6AI score0.00214EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/30 9:31 p.m.3 views

EUVD-2026-17178

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

3.3CVSS6.3AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 6:28 p.m.5 views

GO-2026-4636 Zarf's symlink targets in archives are not validated against destination directory in github.com/zarf-dev/zarf

Zarf's symlink targets in archives are not validated against destination directory in github.com/zarf-dev/zarf...

8.2CVSS5.8AI score0.0022EPSS
Exploits1References3
Veracode
Veracode
added 2026/02/17 10:56 a.m.7 views

Improper Access Control

@anthropic-ai/claude-code is vulnerable to improper access control. The vulnerability is due to failure to strictly enforce deny rules on symbolic link targets, which allows an attacker to access restricted files by referencing them through symlinks...

7.5CVSS5.6AI score0.00376EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-6213

Name of the Vulnerable Software and Affected Versions Compressing versions 1.10.3 and prior Compressing version 2.0.0 Description Compressing, a compressing and uncompressing library for Node.js, does not validate symbolic link targets when extracting TAR archives. This allows an attacker to embe...

8.4CVSS5.7AI score0.00334EPSS
Exploits1References16
Rows per page
Query Builder