Łukasz Langa

61 exploits Active since Apr 2017
CVE-2025-4330 WRITEUP HIGH WRITEUP
CPython Path Traversal via TarFile Extraction Filter Bypass
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS 7.5
CVE-2025-4435 WRITEUP HIGH WRITEUP
CPython TarFile - Incorrect Extraction with errorlevel=0
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
CVSS 7.5
CVE-2025-4517 WRITEUP CRITICAL WRITEUP
Python <3.14 - Path Traversal
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS 9.4
CVE-2025-6075 WRITEUP MEDIUM WRITEUP
os.path.expandvars - Info Disclosure
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
CVSS 5.5
CVE-2025-6075 WRITEUP MEDIUM WRITEUP
os.path.expandvars - Info Disclosure
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
CVSS 5.5
CVE-2017-8342 WRITEUP HIGH WRITEUP
Radicale < 1.1.2 and 2.x < 2.0.0rc2 - Timing Attack via htpasswd Authentication
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
CVSS 8.1
CVE-2024-6923 WRITEUP MEDIUM WRITEUP
CPython HTTP Header Injection in email Module
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
CVSS 5.5
CVE-2025-0938 WRITEUP MEDIUM WRITEUP
CPython urllib.parse - Bracketed Host Validation Bypass
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
CVE-2025-4330 WRITEUP HIGH WRITEUP
CPython Path Traversal via TarFile Extraction Filter Bypass
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS 7.5
CVE-2025-4435 WRITEUP HIGH WRITEUP
CPython TarFile - Incorrect Extraction with errorlevel=0
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
CVSS 7.5
CVE-2025-6075 WRITEUP MEDIUM WRITEUP
os.path.expandvars - Info Disclosure
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
CVSS 5.5