2 matches found
PT-2026-26573
Name of the Vulnerable Software and Affected Versions tar-rs versions 0.4.44 and below Description The tar-rs crate’s unpack dir function uses fs::metadata to verify if a path already exists as a directory during tar archive unpacking. Because fs::metadata follows symbolic links, a specially...
ALPINE-CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...