CVE-2025-4435

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-4435

Severity

Unknown

Description

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.

References

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2025-4435

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources