Количество 20
Количество 20

CVE-2025-4330
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid ins...

CVE-2025-4330
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid insta...

CVE-2025-4330
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid inst

CVE-2025-4330
CVE-2025-4330
Allows the extraction filter to be ignored, allowing symlink targets t ...
GHSA-68pj-xrp5-vccj
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions...

SUSE-SU-2025:02057-1
Security update for python311

SUSE-SU-2025:02050-1
Security update for python39

SUSE-SU-2025:02049-1
Security update for python311

SUSE-SU-2025:02048-1
Security update for python312

SUSE-SU-2025:02047-1
Security update for python310
ELSA-2025-10189
ELSA-2025-10189: python3.12 security update (IMPORTANT)
ELSA-2025-10148
ELSA-2025-10148: python3.11 security update (IMPORTANT)
ELSA-2025-10140
ELSA-2025-10140: python3.12 security update (IMPORTANT)
ELSA-2025-10136
ELSA-2025-10136: python3.9 security update (IMPORTANT)
ELSA-2025-10128
ELSA-2025-10128: python3 security update (IMPORTANT)
ELSA-2025-10031
ELSA-2025-10031: python3.12 security update (IMPORTANT)
ELSA-2025-10026
ELSA-2025-10026: python3.11 security update (IMPORTANT)

SUSE-SU-2025:02297-1
Security update for python36

SUSE-SU-2025:02074-1
Security update for python313
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
---|---|---|---|---|
![]() | CVE-2025-4330 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid ins... | CVSS3: 7.5 | 0% Низкий | 2 месяца назад |
![]() | CVE-2025-4330 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid insta... | CVSS3: 7.3 | 0% Низкий | 2 месяца назад |
![]() | CVE-2025-4330 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid inst | CVSS3: 7.5 | 0% Низкий | 2 месяца назад |
![]() | CVSS3: 7.5 | 0% Низкий | 27 дней назад | |
CVE-2025-4330 Allows the extraction filter to be ignored, allowing symlink targets t ... | CVSS3: 7.5 | 0% Низкий | 2 месяца назад | |
GHSA-68pj-xrp5-vccj Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions... | CVSS3: 7.5 | 0% Низкий | 2 месяца назад | |
![]() | SUSE-SU-2025:02057-1 Security update for python311 | около 2 месяцев назад | ||
![]() | SUSE-SU-2025:02050-1 Security update for python39 | около 2 месяцев назад | ||
![]() | SUSE-SU-2025:02049-1 Security update for python311 | около 2 месяцев назад | ||
![]() | SUSE-SU-2025:02048-1 Security update for python312 | около 2 месяцев назад | ||
![]() | SUSE-SU-2025:02047-1 Security update for python310 | около 2 месяцев назад | ||
ELSA-2025-10189 ELSA-2025-10189: python3.12 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10148 ELSA-2025-10148: python3.11 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10140 ELSA-2025-10140: python3.12 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10136 ELSA-2025-10136: python3.9 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10128 ELSA-2025-10128: python3 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10031 ELSA-2025-10031: python3.12 security update (IMPORTANT) | около 1 месяца назад | |||
ELSA-2025-10026 ELSA-2025-10026: python3.11 security update (IMPORTANT) | около 1 месяца назад | |||
![]() | SUSE-SU-2025:02297-1 Security update for python36 | 26 дней назад | ||
![]() | SUSE-SU-2025:02074-1 Security update for python313 | около 1 месяца назад |
Уязвимостей на страницу