CVE-2025-4435

When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members are skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that such a member is still extracted rather than skipped.
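An added self-check for the behavior described above (example code written for this page, not DevGuard's or CPython's own): it builds a constructed in-memory archive, extracts it with errorlevel=0 through a hypothetical policy filter that raises FilterError for one member, and reports whether that refused member still landed on disk. The filter and member names are assumptions for the demonstration.

```python
"""Self-check for CVE-2025-4435: with errorlevel=0, are filter-refused members really skipped?"""
import io
import os
import tarfile
import tempfile

# Interpreters without extraction filters have no FilterError; fall back so the
# module still imports, and check_filtered_members_skipped() reports None there.
_FilterError = getattr(tarfile, "FilterError", tarfile.TarError)

class DisallowedMemberError(_FilterError):
    """Raised by policy_filter; with errorlevel=0 the member should then be skipped."""

def policy_filter(member, dest_path):
    """Hypothetical policy filter: run the stdlib data filter, then refuse shell scripts."""
    member = tarfile.data_filter(member, dest_path)
    if member.name.endswith(".sh"):
        raise DisallowedMemberError(f"policy refuses {member.name!r}")
    return member

def build_archive():
    """Constructed sample input: a tar with one allowed and one policy-refused file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in (("readme.txt", b"hello\n"), ("setup.sh", b"echo hi\n")):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

REFUSED = {"setup.sh"}  # the member policy_filter raises for in build_archive()

def check_filtered_members_skipped(archive):
    """Extract with errorlevel=0; return (names_on_disk, refused_names_on_disk).

    The second set is empty on a fixed interpreter; on an affected one the refused
    member is written anyway, which is the CVE-2025-4435 defect.
    """
    if not hasattr(tarfile, "data_filter"):
        return None  # no extraction filters on this interpreter: nothing to check
    with tempfile.TemporaryDirectory() as dest:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r", errorlevel=0) as tar:
            tar.extractall(dest, filter=policy_filter)
        names = set(os.listdir(dest))
    return names, names & REFUSED

if __name__ == "__main__":
    print(check_filtered_members_skipped(build_archive()))
```

A non-empty second set means the interpreter silently extracts members its filter refused, so errorlevel=0 cannot be relied on as a skip mechanism there.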

  • System detected CVE-2025-4435 with a risk of 2.12

  • System created a ticket for CVE-2025-4435. Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/137

  • System detected CVE-2025-4435 with scanner: container-scanning:test

  • System removed scanner: container-scanning

  • System fixed CVE-2025-4435


Affected component

deb debian/python3.11

Installed version: 3.11.2-6
Fixed in: no patch available


Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 71cda54d19c6900d5d185b8bc7c11608a8a65bac