VDB
GCVE-110-MAGEIA-2025-280
GCVE-110-MAGEIA-2025-280
Advisory Published
URL parser allowed square brackets in domain names. (CVE-2025-0938)
Mishandling of comma during folding and unicode-encoding of email
headers. (CVE-2025-1795)
Virtual environment (venv) activation scripts don't quote paths.
(CVE-2024-9287)
Use-after-free in "unicode_escape" decoder with error handler.
(CVE-2025-4516)
Bypass extraction filter to modify file metadata outside extraction
directory. (CVE-2024-12718)
Bypassing extraction filter to create symlinks to arbitrary targets
outside extraction directory. (CVE-2025-4138)
Extraction filter bypass for linking outside extraction directory.
(CVE-2025-4330)
Tarfile extracts filtered members when errorlevel=0. (CVE-2025-4435)
Arbitrary writes via tarfile realpath overflow. (CVE-2025-4517)
Tarfile infinite loop during parsing with negative member offset.
(CVE-2025-8194)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python3 | 0 (affected), 3.10.18-1.4.mga9 (unaffected) | — |
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.