CVE-2024-21542

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-29
View all →

Vulnerability Description

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.

Related Vulnerabilities

CVE-2023-6023

HIGH
CVSS:8.6(High)

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.

CWE-292023

CVE-2024-34470

HIGH
CVSS:8.6(High)

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filt...

CWE-292024

CVE-2024-3435

HIGH
CVSS:8.4(High)

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to ...

CWE-292024

CVE-2024-11170

HIGH
CVSS:8.8(High)

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and po...

CWE-292024

CVE-2024-12389

HIGH
CVSS:8.8(High)

A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr pa...

CWE-292024

CVE-2024-10648

HIGH
CVSS:8.2(High)

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, lead...

CWE-292024