Логотип exploitDog
bind:CVE-2025-4330
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2025-4330

Количество 20

Количество 20

ubuntu логотип

CVE-2025-4330

2 месяца назад

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid ins...

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2025-4330

2 месяца назад

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid insta...

CVSS3: 7.3
EPSS: Низкий
nvd логотип

CVE-2025-4330

2 месяца назад

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid inst

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2025-4330

27 дней назад

CVSS3: 7.5
EPSS: Низкий
debian логотип

CVE-2025-4330

2 месяца назад

Allows the extraction filter to be ignored, allowing symlink targets t ...

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-68pj-xrp5-vccj

2 месяца назад

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions...

CVSS3: 7.5
EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02057-1

около 2 месяцев назад

Security update for python311

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02050-1

около 2 месяцев назад

Security update for python39

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02049-1

около 2 месяцев назад

Security update for python311

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02048-1

около 2 месяцев назад

Security update for python312

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02047-1

около 2 месяцев назад

Security update for python310

EPSS: Низкий
oracle-oval логотип

ELSA-2025-10189

около 1 месяца назад

ELSA-2025-10189: python3.12 security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-10148

около 1 месяца назад

ELSA-2025-10148: python3.11 security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-10140

около 1 месяца назад

ELSA-2025-10140: python3.12 security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-10136

около 1 месяца назад

ELSA-2025-10136: python3.9 security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-10128

около 1 месяца назад

ELSA-2025-10128: python3 security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-10031

около 1 месяца назад

ELSA-2025-10031: python3.12 security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-10026

около 1 месяца назад

ELSA-2025-10026: python3.11 security update (IMPORTANT)

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02297-1

26 дней назад

Security update for python36

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02074-1

около 1 месяца назад

Security update for python313

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid ins...

CVSS3: 7.5
0%
Низкий
2 месяца назад
redhat логотип
CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid insta...

CVSS3: 7.3
0%
Низкий
2 месяца назад
nvd логотип
CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid inst

CVSS3: 7.5
0%
Низкий
2 месяца назад
msrc логотип
CVSS3: 7.5
0%
Низкий
27 дней назад
debian логотип
CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets t ...

CVSS3: 7.5
0%
Низкий
2 месяца назад
github логотип
GHSA-68pj-xrp5-vccj

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions...

CVSS3: 7.5
0%
Низкий
2 месяца назад
suse-cvrf логотип
SUSE-SU-2025:02057-1

Security update for python311

около 2 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:02050-1

Security update for python39

около 2 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:02049-1

Security update for python311

около 2 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:02048-1

Security update for python312

около 2 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:02047-1

Security update for python310

около 2 месяцев назад
oracle-oval логотип
ELSA-2025-10189

ELSA-2025-10189: python3.12 security update (IMPORTANT)

около 1 месяца назад
oracle-oval логотип
ELSA-2025-10148

ELSA-2025-10148: python3.11 security update (IMPORTANT)

около 1 месяца назад
oracle-oval логотип
ELSA-2025-10140

ELSA-2025-10140: python3.12 security update (IMPORTANT)

около 1 месяца назад
oracle-oval логотип
ELSA-2025-10136

ELSA-2025-10136: python3.9 security update (IMPORTANT)

около 1 месяца назад
oracle-oval логотип
ELSA-2025-10128

ELSA-2025-10128: python3 security update (IMPORTANT)

около 1 месяца назад
oracle-oval логотип
ELSA-2025-10031

ELSA-2025-10031: python3.12 security update (IMPORTANT)

около 1 месяца назад
oracle-oval логотип
ELSA-2025-10026

ELSA-2025-10026: python3.11 security update (IMPORTANT)

около 1 месяца назад
suse-cvrf логотип
SUSE-SU-2025:02297-1

Security update for python36

26 дней назад
suse-cvrf логотип
SUSE-SU-2025:02074-1

Security update for python313

около 1 месяца назад

Уязвимостей на страницу