CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-12718 – Bypass extraction filter to modify file metadata outside extraction directory
https://notcve.org/view.php?id=CVE-2024-12718
03 Jun 2025 — Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more inform... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-4435 – Tarfile extracts filtered members when errorlevel=0
https://notcve.org/view.php?id=CVE-2025-4435
03 Jun 2025 — When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped. A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms. When using a TarFile.errorle... • https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da • CWE-682: Incorrect Calculation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-4138 – Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
https://notcve.org/view.php?id=CVE-2025-4138
03 Jun 2025 — Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. O... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-4330 – Extraction filter bypass for linking outside extraction directory
https://notcve.org/view.php?id=CVE-2025-4330
03 Jun 2025 — Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. O... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-4517 – Arbitrary writes via tarfile realpath overflow
https://notcve.org/view.php?id=CVE-2025-4517
03 Jun 2025 — Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by t... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-4516 – Use-after-free in "unicode_escape" decoder with error handler
https://notcve.org/view.php?id=CVE-2025-4516
15 May 2025 — There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError. It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. • https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1795 – Mishandling of comma during folding and unicode-encoding of email headers
https://notcve.org/view.php?id=CVE-2025-1795
28 Feb 2025 — During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers. It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. • https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3220 – Default mimetype known files writeable on Windows
https://notcve.org/view.php?id=CVE-2024-3220
14 Feb 2025 — There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”). To wor... • https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R • CWE-426: Untrusted Search Path •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0938 – URL parser allowed square brackets in domain names
https://notcve.org/view.php?id=CVE-2025-0938
31 Jan 2025 — The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers. A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain ... • https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12254 – Unbounded memory buffering in SelectorSocketTransport.writelines()
https://notcve.org/view.php?id=CVE-2024-12254
06 Dec 2024 — Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .wri... • https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •