26 matches found
Exploit for Path Traversal in Python
CVE-2007-4559 — TarSlip: The 15-Year Directory Traversal...
CVE-2026-32731
ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, The extract function in gzip.js constructs file-write paths using fs.createWriteStreampath.joinexportPath, header.name. path.join does not resolve or sanitise traversal segments...
EUVD-2023-36917
Malicious code in bioql PyPI...
EUVD-2023-36564
Malicious code in bioql PyPI...
CVE-2023-32317
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2024-12216
The CVE-2024-12216 issue affects dmlc/gluon-cv 0.10.0, specifically ImageClassificationDataset.from_csv(). The vulnerability arises because tar.gz files downloaded from URLs are extracted without proper sanitization, enabling TarSlip via path traversal or faked symlinks to overwrite arbitrary fil...
SUSE CVE-2024-56514
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...
GHSA-CWRH-575J-8VR3 Karmada Tar Slips in CRDs archive extraction
Impact What kind of vulnerability is it? Who is impacted? Both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resource definitionsCRDs needed by karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a...
SUSE CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
DEBIAN-CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
PT-2023-25398 · Gradle +2 · Gradle +2
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.6.2 Gradle versions prior to 8.2 Description: This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. When unpacking Tar archives, Gradle did no...
CVE-2023-32676
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-32317
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
Code injection
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
Code injection
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-32676 Autolab tar slip in Install Assessment functionality (`GHSL-2023-081`)
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-32676
Summary: CVE-2023-32676 describes a tar slip/path traversal vulnerability in Autolab’s Install assessment feature. An authenticated instructor can upload a specially crafted tar file, causing files inside the archive to be expanded to attacker-chosen locations outside the target directory (e.g., ...
CVE-2023-32676 Autolab tar slip in Install Assessment functionality (`GHSL-2023-081`)
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-32317 Autolab tar slip in cheat checker functionality (`GHSL-2023-082`)
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-32317 Autolab tar slip in cheat checker functionality (`GHSL-2023-082`)
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...