Lucene search
K

18 matches found

OSV
OSV
added 2026/06/23 5:16 p.m.2 views

UBUNTU-CVE-2026-11940

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/23 4:4 p.m.4 views

CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References8
OSV
OSV
added 2026/06/08 8:13 a.m.7 views

BIT-PYTHON-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.4AI score0.00606EPSS
Exploits0References10
NVD
NVD
added 2026/06/04 4:16 p.m.10 views

CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS0.00606EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46262

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The tarfile.data filter can be bypassed using crafted link entries, such as symlinks with empty or directory-like names. This allows a malicious tar archive to redirect subsequent archive...

6.9CVSS5.6AI score0.00606EPSS
Exploits0References37
GithubExploit
GithubExploit
added 2026/02/15 9:59 p.m.212 views

Exploit for CVE-2025-4138

CVE-2025-4138 — Python tarfile filter="data" Bypass Arbitra...

7.5CVSS6.5AI score0.01109EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.7 views

MiracleLinux 8 : python3.11-3.11.13-1.el8_10 (AXSA:2025-10428:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10428:04 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

9.4CVSS6.7AI score0.01184EPSS
Exploits14References6
OSV
OSV
added 2025/11/12 2:48 p.m.6 views

CLSA-2025-1762958892 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

9.4CVSS6.7AI score0.01184EPSS
Exploits14References1
OSV
OSV
added 2025/11/12 2:44 p.m.7 views

CLSA-2025-1762958654 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

9.4CVSS6.8AI score0.01184EPSS
Exploits14References1
OSV
OSV
added 2025/10/04 12:11 a.m.7 views

RLSA-2025:10189 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.6CVSS6.8AI score0.01184EPSS
Exploits14References6
OSV
OSV
added 2025/07/22 6:24 p.m.9 views

CLSA-2025-1753208636 python3.9: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

9.4CVSS6.8AI score0.01184EPSS
Exploits14References1
OSV
OSV
added 2025/07/17 10:38 a.m.6 views

CLSA-2025-1752748693 python3.11: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

9.4CVSS6.7AI score0.01184EPSS
Exploits14References1
OSV
OSV
added 2025/07/11 9:47 a.m.9 views

SUSE-SU-2025:20492-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters...

9.8CVSS6.6AI score0.06304EPSS
Exploits15References23
SUSE Linux
SUSE Linux
added 2025/06/21 9:4 a.m.4 views

Security update for python311

This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

8.4CVSS6.1AI score0.01184EPSS
Exploits14References22
OSV
OSV
added 2025/06/21 9:4 a.m.7 views

SUSE-SU-2025:02057-1 Security update for python311

This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

9.4CVSS6.6AI score0.01184EPSS
Exploits14References12
SUSE Linux
SUSE Linux
added 2025/06/20 12:41 p.m.4 views

Security update for python311

This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

8.4CVSS6.1AI score0.01184EPSS
Exploits14References22
SUSE Linux
SUSE Linux
added 2025/06/20 12:40 p.m.4 views

Security update for python312

This update for python312 fixes the following issues: python312 was updated from version 3.12.9 to 3.12.11: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixe...

8.4CVSS6.2AI score0.01184EPSS
Exploits14References20
SUSE Linux
SUSE Linux
added 2025/06/20 12:40 p.m.3 views

Security update for python310

This update for python310 fixes the following issues: python310 was updated from version 3.10.16 to 3.10.18: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fix...

8.4CVSS6.1AI score0.01184EPSS
Exploits14References24
Rows per page
Query Builder