3 matches found
CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...
Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...
CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb
MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...