VDB
BIT-python-2024-12718
BIT-python-2024-12718
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Bypass extraction filter to modify file metadata outside extraction directory
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | python | 0, 3.10.0, 3.11.0 |
Exploit Intelligence
- cve_regression.rs (github-poc)
Timeline
- Jul 10, 2025 CVE Published
- Aug 11, 2025 CVE Updated
References
- https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f url
- https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da url
- https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9 url
- https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a url
- https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e url
- https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a url
- https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a url
- https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01 url
- https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1 url
- https://github.com/python/cpython/issues/127987 url
- https://github.com/python/cpython/issues/135034 url
- https://github.com/python/cpython/pull/135037 url
- https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ url
- https://nvd.nist.gov/vuln/detail/CVE-2024-12718 url