12 matches found
EUVD-2006-1327
Malware in sbrugna...
EUVD-2015-5555
Malware in sbrugna...
EUVD-2024-2112
Malicious code in bioql PyPI...
CVE-2015-5601
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...
CVE-2024-10986
GPT Academic version 3.83 is vulnerable to a Local File Read LFI vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...
CVE-2024-12216 Arbitrary File Write via TarSlip in dmlc/gluon-cv
A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...
CVE-2024-5980 Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...
PT-2024-37290
Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.2.4 Description: A path traversal issue exists in the "/v1/runs" API endpoint, allowing attackers to exploit this vulnerability when extracting tar.gz files. This can be used to deploy malicious tar.gz plugins that...
CVE-2015-5601
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...
Code injection
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...
CVE-2015-5601
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...
CVE-2015-5601
CVE-2015-5601 affects edx-platform prior to 2015-07-20. A vulnerable endpoint (course import) mishandles .tar.gz files, allowing code execution by privileged users. Documents provide CVSS details (2.0/6.5; 3.0/8.8) indicating impact on confidentiality, integrity, and availability (all high/partia...