Количество 23
Количество 23

CVE-2025-4517
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

CVE-2025-4517
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

CVE-2025-4517
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

CVE-2025-4517
CVE-2025-4517
Allows arbitrary filesystem writes outside the extraction directory du ...
GHSA-6r6c-684h-9j7p
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the ...

BDU:2025-06494
Уязвимость функции TarFile.extractall() и TarFile.extract() модуля tarfile интерпретатора языка программирования Python (CPython), позволяющая нарушителю записывать произвольные файлы

SUSE-SU-2025:02057-1
Security update for python311

SUSE-SU-2025:02050-1
Security update for python39

SUSE-SU-2025:02049-1
Security update for python311

SUSE-SU-2025:02048-1
Security update for python312

SUSE-SU-2025:02047-1
Security update for python310

RLSA-2025:10031
Important: python3.12 security update

RLSA-2025:10026
Important: python3.11 security update
ELSA-2025-10189
ELSA-2025-10189: python3.12 security update (IMPORTANT)
ELSA-2025-10148
ELSA-2025-10148: python3.11 security update (IMPORTANT)
ELSA-2025-10140
ELSA-2025-10140: python3.12 security update (IMPORTANT)
ELSA-2025-10136
ELSA-2025-10136: python3.9 security update (IMPORTANT)
ELSA-2025-10128
ELSA-2025-10128: python3 security update (IMPORTANT)
ELSA-2025-10031
ELSA-2025-10031: python3.12 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
---|---|---|---|---|
![]() | CVE-2025-4517 Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. | CVSS3: 9.4 | 0% Низкий | 2 месяца назад |
![]() | CVE-2025-4517 Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. | CVSS3: 7.6 | 0% Низкий | 2 месяца назад |
![]() | CVE-2025-4517 Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. | CVSS3: 9.4 | 0% Низкий | 2 месяца назад |
![]() | CVSS3: 9.4 | 0% Низкий | 28 дней назад | |
CVE-2025-4517 Allows arbitrary filesystem writes outside the extraction directory du ... | CVSS3: 9.4 | 0% Низкий | 2 месяца назад | |
GHSA-6r6c-684h-9j7p Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the ... | CVSS3: 9.4 | 0% Низкий | 2 месяца назад | |
![]() | BDU:2025-06494 Уязвимость функции TarFile.extractall() и TarFile.extract() модуля tarfile интерпретатора языка программирования Python (CPython), позволяющая нарушителю записывать произвольные файлы | CVSS3: 9.4 | 0% Низкий | 2 месяца назад |
![]() | SUSE-SU-2025:02057-1 Security update for python311 | около 2 месяцев назад | ||
![]() | SUSE-SU-2025:02050-1 Security update for python39 | около 2 месяцев назад | ||
![]() | SUSE-SU-2025:02049-1 Security update for python311 | около 2 месяцев назад | ||
![]() | SUSE-SU-2025:02048-1 Security update for python312 | около 2 месяцев назад | ||
![]() | SUSE-SU-2025:02047-1 Security update for python310 | около 2 месяцев назад | ||
![]() | RLSA-2025:10031 Important: python3.12 security update | 9 дней назад | ||
![]() | RLSA-2025:10026 Important: python3.11 security update | 9 дней назад | ||
ELSA-2025-10189 ELSA-2025-10189: python3.12 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10148 ELSA-2025-10148: python3.11 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10140 ELSA-2025-10140: python3.12 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10136 ELSA-2025-10136: python3.9 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10128 ELSA-2025-10128: python3 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10031 ELSA-2025-10031: python3.12 security update (IMPORTANT) | около 1 месяца назад |
Уязвимостей на страницу