cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

Path Traversal

Keras is vulnerable to path traversal. The vulnerability is due to the keras.utils.getfile API using Python’s tarfile.extractall without the filter="data" protection when extracting tar archives, which allows a remote attacker to craft a malicious archive with symlinks and write arbitrary files...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to extraction filter issues due to the python package (CVE-2025-4330, CVE-2025-4435)

Summary Python is used by DataStage on Cloud Pak for Data as part of general processing functionality. Vulnerability Details CVEID:CVE-2025-4330 DESCRIPTION: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of so...

ROS-20250819-06

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...

BIT-LIBPYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...