CVE-2025-4330 | Python CPython up to 3.14.0b1 TarFile.extractall/TarFile.extract path traversal (Issue 135034)

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability, which was classified as critical, has been found in Python CPython up to 3.14.0b1. Affected by this issue is the function TarFile.extractall/TarFile.extract. The manipulation leads to path traversal.

This vulnerability is handled as CVE-2025-4330. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-4330 | Python CPython up to 3.14.0b1 TarFile.extractall/TarFile.extract path traversal (Issue 135034)

Post correlati

CVE-2024-10367 | Otter Blocks Plugin up to 3.0.4 on WordPress SVG File Upload cross site scripting

CVE-2024-57408 | cool-admin-java 1.0 File /comm/upload unrestricted upload

CVE-2023-48244 | Rexroth Nexo Cordless Nutrunner up to V1500-SP2 URL cross site scripting

CVE-2024-0727 | OpenSSL 3.0/3.1 ContentInfo null pointer dereference