Lucene search
+L

7 matches found

RedHat Linux
RedHat Linux
added 2026/07/10 8:50 p.m.5 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.5AI score0.00805EPSS
Exploits2References10
OSV
OSV
added 2026/06/29 11:10 a.m.7 views

BIT-LIBPYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
OSV
OSV
added 2026/06/24 1:10 p.m.6 views

OESA-2026-2695 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8.2CVSS5.8AI score0.00622EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 4:24 p.m.17 views

RLSA-2025:10128 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.6CVSS7AI score0.01227EPSS
Exploits14References6
OSV
OSV
added 2026/01/22 9:7 a.m.6 views

SUSE-SU-2026:0210-1 Security update for python3

This update for python3 fixes the following issues: Security fixes: - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' bsc1244032 - CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc12440...

9.8CVSS6.8AI score0.27095EPSS
Exploits16References14
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 8 : python3.12-3.12.11-1.el8_10 (AXSA:2025-10429:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10429:06 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

9.4CVSS6.7AI score0.01227EPSS
Exploits14References6
Tenable Nessus
Tenable Nessus
added 2025/12/22 12:0 a.m.13 views

AlmaLinux 8 : python39:3.9 (ALSA-2025:23530)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts don't...

9.4CVSS6.8AI score0.01499EPSS
Exploits14References14
Rows per page
Query Builder