NVD
added 5 days ago · 8 views

CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

CVSS 2 · EPSS 0.00304
Exploits 0 · References 7
Cvelist
added 5 days ago · 37 views

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

CVSS 2 · EPSS 0.00304
Exploits 0 · References 7
CVE
added 5 days ago · 8 views

CVE-2026-4360

CVE-2026-4360 affects Python’s tarfile module, where TarFile.extract() fails to propagate the filter parameter for hardlinks, allowing extraction from untrusted tar archives to write files with unexpected uid/gid even when filter='data' is requested. The issue is documented in CPython commits/iss...

CVSS 2 · AI score 5.8 · EPSS 0.00304
Exploits 0 · References 7
NVD
added 2026/05/15 5:16 p.m. · 47 views

CVE-2026-46383

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

CVSS 5.5 · EPSS 0.0061
Exploits 0 · References 1
Tenable Nessus
added 2026/02/10 12:00 a.m. · 8 views

Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4138)

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 7.5 · AI score 7.2 · EPSS 0.01109
Exploits 7 · References 4
Tenable Nessus
added 2025/11/12 12:00 a.m. · 8 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-2339)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some fil...

CVSS 9.4 · AI score 7.3 · EPSS 0.01184
Exploits 14 · References 6
Tenable Nessus
added 2025/10/11 12:00 a.m. · 7 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2242)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...

CVSS 9.4 · AI score 7.3 · EPSS 0.01184
Exploits 14 · References 5
EUVD
added 2025/10/03 8:07 p.m. · 9 views

EUVD-2024-54644

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.5 · EPSS 0.00607
Exploits 1 · References 14
EUVD
added 2025/10/03 8:07 p.m. · 10 views

EUVD-2025-16736

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.6 · EPSS 0.01184
Exploits 11 · References 13
F5 Networks
added 2025/08/21 6:44 a.m. · 11 views

K000153107: Python tarfile Vulnerabilities CVE-2025-4138, CVE-2025-4330

Security Advisory Description CVE-2025-4138 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar...

CVSS 7.5 · AI score 7.5 · EPSS 0.01109
Exploits 8
Tenable Nessus
added 2025/08/19 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-4138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You...

CVSS 7.5 · AI score 7.4 · EPSS 0.01109
Exploits 7 · References 2
OSV
added 2025/08/11 1:53 p.m. · 6 views

BIT-LIBPYTHON-2025-4138 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 7.5 · AI score 8 · EPSS 0.01109
Exploits 7 · References 13
F5 Networks
added 2025/07/16 3:23 p.m. · 11 views

K000152599: Python tarfile vulnerability CVE-2024-12718

Security Advisory Description Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

CVSS 5.3 · AI score 7.5 · EPSS 0.00607
Exploits 1
OSV
added 2025/07/10 9:02 a.m. · 88 views

BIT-PYTHON-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

CVSS 9.4 · AI score 9.7 · EPSS 0.01184
Exploits 11 · References 13
OSV
added 2025/07/10 9:02 a.m. · 21 views

BIT-PYTHON-2025-4330 Extraction filter bypass for linking outside extraction directory

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 7.5 · AI score 8.2 · EPSS 0.00767
Exploits 2 · References 13
OSV
added 2025/07/10 9:02 a.m. · 12 views

BIT-PYTHON-MIN-2025-4138 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 7.5 · AI score 8.2 · EPSS 0.01109
Exploits 7 · References 13
OSV
added 2025/07/10 9:01 a.m. · 16 views

BIT-PYTHON-MIN-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 5.3 · AI score 7 · EPSS 0.00607
Exploits 1 · References 14
RedHat Linux
added 2025/07/07 11:25 a.m. · 6 views

python: cpython: Arbitrary writes via tarfile realpath overflow

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

CVSS 9.4 · AI score 6.7 · EPSS 0.01184
Exploits 11 · References 10
RedHat Linux
added 2025/07/02 6:27 a.m. · 6 views

python: cpython: Arbitrary writes via tarfile realpath overflow

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

CVSS 9.4 · AI score 6.7 · EPSS 0.01184
Exploits 11 · References 10
RedHat Linux
added 2025/07/01 10:05 p.m. · 18 views

python: cpython: Arbitrary writes via tarfile realpath overflow

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

CVSS 9.4 · AI score 6.7 · EPSS 0.01184
Exploits 11 · References 10