PYSEC-2026-1406
Vulnerability from pysec - Published: 2026-07-07 14:34 - Updated: 2026-07-07 17:24
VLAI
Details
A vulnerability in the ImageClassificationDataset.from_csv() API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can exploit this by crafting malicious tar files that, when extracted, can overwrite files on the victim's system via path traversal or faked symlinks.
Severity
7.1 (High)
Impacted products
| Name | purl | gluoncv | pkg:pypi/gluoncv |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "gluoncv",
"purl": "pkg:pypi/gluoncv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.10.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.1.0",
"0.10.0",
"0.10.0b20201203",
"0.10.0b20201204",
"0.10.0b20201205",
"0.10.0b20201206",
"0.10.0b20201207",
"0.10.0b20201208",
"0.10.0b20201209",
"0.10.0b20201210",
"0.10.0b20201211",
"0.10.0b20201212",
"0.10.0b20201213",
"0.10.0b20201214",
"0.10.0b20201215",
"0.10.0b20201216",
"0.10.0b20201217",
"0.10.0b20201218",
"0.10.0b20201219",
"0.10.0b20201220",
"0.10.0b20201221",
"0.10.0b20201222",
"0.10.0b20201223",
"0.10.0b20201224",
"0.10.0b20201225",
"0.10.0b20201226",
"0.10.0b20201227",
"0.10.0b20201228",
"0.10.0b20201229",
"0.10.0b20201230",
"0.10.0b20201231",
"0.10.0b20210101",
"0.10.0b20210102",
"0.10.0b20210103",
"0.10.0b20210104",
"0.10.0b20210105",
"0.10.0b20210106",
"0.10.0b20210107",
"0.10.0b20210108",
"0.10.0b20210109",
"0.10.0b20210110",
"0.10.0b20210111",
"0.10.0b20210112",
"0.10.0b20210113",
"0.10.0b20210114",
"0.10.0b20210115",
"0.10.0b20210116",
"0.10.0b20210117",
"0.10.0b20210118",
"0.10.0b20210119",
"0.10.0b20210120",
"0.10.0b20210121",
"0.10.0b20210122",
"0.10.0b20210123",
"0.10.0b20210124",
"0.10.0b20210125",
"0.10.0b20210126",
"0.10.0b20210127",
"0.10.0b20210128",
"0.10.0b20210129",
"0.10.0b20210130",
"0.10.0b20210131",
"0.10.0b20210201",
"0.10.0b20210202",
"0.10.0b20210203",
"0.10.0b20210204",
"0.10.0b20210205",
"0.10.0b20210206",
"0.10.0b20210207",
"0.10.0b20210208",
"0.10.0b20210209",
"0.10.0b20210210",
"0.10.0b20210211",
"0.10.0b20210212",
"0.10.0b20210213",
"0.10.0b20210214",
"0.10.0b20210215",
"0.10.0b20210216",
"0.10.0b20210217",
"0.10.0b20210218",
"0.10.0b20210219",
"0.10.0b20210220",
"0.10.0b20210221",
"0.10.0b20210222",
"0.10.0b20210224",
"0.10.0b20210225",
"0.10.0b20210226",
"0.10.0b20210227",
"0.10.0b20210228",
"0.10.0b20210301",
"0.10.0b20210302",
"0.10.0b20210303",
"0.10.0b20210304",
"0.10.0b20210305",
"0.10.0b20210306",
"0.10.0b20210307",
"0.10.0b20210308",
"0.10.0b20210309",
"0.2.0",
"0.2.0b20180502",
"0.2.0b20180503",
"0.2.0b20180504",
"0.2.0b20180505",
"0.2.0b20180506",
"0.2.0b20180507",
"0.2.0b20180508",
"0.2.0b20180509",
"0.2.0b20180510",
"0.2.0b20180511",
"0.2.0b20180512",
"0.2.0b20180513",
"0.2.0b20180514",
"0.2.0b20180515",
"0.2.0b20180516",
"0.2.0b20180517",
"0.2.0b20180518",
"0.2.0b20180519",
"0.2.0b20180520",
"0.2.0b20180521",
"0.2.0b20180522",
"0.2.0b20180523",
"0.2.0b20180524",
"0.2.0b20180525",
"0.2.0b20180526",
"0.2.0b20180527",
"0.2.0b20180528",
"0.2.0b20180529",
"0.2.0b20180530",
"0.2.0b20180531",
"0.2.0b20180601",
"0.2.0b20180602",
"0.2.0b20180603",
"0.2.0b20180604",
"0.2.0b20180605",
"0.2.0b20180606",
"0.2.0b20180607",
"0.2.0b20180608",
"0.2.0b20180609",
"0.2.0b20180610",
"0.2.0b20180611",
"0.2.0b20180612",
"0.2.0b20180613",
"0.2.0b20180614",
"0.2.0b20180615",
"0.2.0b20180616",
"0.2.0b20180617",
"0.2.0b20180618",
"0.2.0b20180619",
"0.2.0b20180620",
"0.2.0b20180621",
"0.2.0b20180622",
"0.2.0b20180623",
"0.2.0b20180624",
"0.2.0b20180625",
"0.2.0b20180626",
"0.3.0",
"0.3.0b20180627",
"0.3.0b20180628",
"0.3.0b20180629",
"0.3.0b20180630",
"0.3.0b20180701",
"0.3.0b20180702",
"0.3.0b20180703",
"0.3.0b20180704",
"0.3.0b20180705",
"0.3.0b20180706",
"0.3.0b20180707",
"0.3.0b20180708",
"0.3.0b20180709",
"0.3.0b20180710",
"0.3.0b20180711",
"0.3.0b20180712",
"0.3.0b20180713",
"0.3.0b20180714",
"0.3.0b20180715",
"0.3.0b20180716",
"0.3.0b20180717",
"0.3.0b20180718",
"0.3.0b20180719",
"0.3.0b20180720",
"0.3.0b20180721",
"0.3.0b20180722",
"0.3.0b20180723",
"0.3.0b20180724",
"0.3.0b20180725",
"0.3.0b20180726",
"0.3.0b20180727",
"0.3.0b20180728",
"0.3.0b20180729",
"0.3.0b20180730",
"0.3.0b20180731",
"0.3.0b20180801",
"0.3.0b20180802",
"0.3.0b20180803",
"0.3.0b20180804",
"0.3.0b20180805",
"0.3.0b20180806",
"0.3.0b20180807",
"0.3.0b20180808",
"0.3.0b20180809",
"0.3.0b20180810",
"0.3.0b20180811",
"0.3.0b20180812",
"0.3.0b20180813",
"0.3.0b20180814",
"0.3.0b20180815",
"0.3.0b20180816",
"0.3.0b20180817",
"0.3.0b20180818",
"0.3.0b20180819",
"0.3.0b20180820",
"0.3.0b20180821",
"0.3.0b20180822",
"0.3.0b20180823",
"0.3.0b20180824",
"0.3.0b20180825",
"0.3.0b20180826",
"0.3.0b20180827",
"0.3.0b20180828",
"0.3.0b20180829",
"0.3.0b20180830",
"0.3.0b20180831",
"0.3.0b20180901",
"0.3.0b20180902",
"0.3.0b20180903",
"0.3.0b20180904",
"0.3.0b20180905",
"0.3.0b20180906",
"0.3.0b20180907",
"0.3.0b20180908",
"0.3.0b20180909",
"0.3.0b20180910",
"0.3.0b20180911",
"0.3.0b20180912",
"0.3.0b20180913",
"0.3.0b20180914",
"0.3.0b20180915",
"0.3.0b20180916",
"0.3.0b20180917",
"0.3.0b20180918",
"0.3.0b20180919",
"0.3.0b20180920",
"0.3.0b20180921",
"0.3.0b20180922",
"0.3.0b20180923",
"0.3.0b20180924",
"0.3.0b20180925",
"0.3.0b20180926",
"0.3.0b20180927",
"0.3.0b20180928",
"0.3.0b20180929",
"0.3.0b20180930",
"0.3.0b20181001",
"0.3.0b20181002",
"0.3.0b20181003",
"0.3.0b20181004",
"0.3.0b20181005",
"0.3.0b20181006",
"0.3.0b20181007",
"0.3.0b20181008",
"0.3.0b20181009",
"0.3.0b20181010",
"0.3.0b20181011",
"0.3.0b20181012",
"0.3.0b20181013",
"0.3.0b20181014",
"0.3.0b20181015",
"0.3.0b20181016",
"0.3.0b20181017",
"0.4.0",
"0.4.0.post0",
"0.4.0b20181019",
"0.4.0b20181020",
"0.4.0b20181021",
"0.4.0b20181022",
"0.4.0b20181023",
"0.4.0b20181024",
"0.4.0b20181025",
"0.4.0b20181026",
"0.4.0b20181027",
"0.4.0b20181029",
"0.4.0b20181030",
"0.4.0b20181031",
"0.4.0b20181101",
"0.4.0b20181102",
"0.4.0b20181103",
"0.4.0b20181104",
"0.4.0b20181105",
"0.4.0b20181106",
"0.4.0b20181108",
"0.4.0b20181109",
"0.4.0b20181110",
"0.4.0b20181111",
"0.4.0b20181112",
"0.4.0b20181113",
"0.4.0b20181114",
"0.4.0b20181115",
"0.4.0b20181116",
"0.4.0b20181117",
"0.4.0b20181118",
"0.4.0b20181119",
"0.4.0b20181120",
"0.4.0b20181122",
"0.4.0b20181123",
"0.4.0b20181124",
"0.4.0b20181125",
"0.4.0b20181126",
"0.4.0b20181127",
"0.4.0b20181128",
"0.4.0b20181129",
"0.4.0b20181130",
"0.4.0b20181201",
"0.4.0b20181202",
"0.4.0b20181203",
"0.4.0b20181204",
"0.4.0b20181205",
"0.4.0b20181206",
"0.4.0b20181207",
"0.4.0b20181208",
"0.4.0b20181209",
"0.4.0b20181210",
"0.4.0b20181211",
"0.4.0b20181212",
"0.4.0b20181213",
"0.4.0b20181214",
"0.4.0b20181215",
"0.4.0b20181216",
"0.4.0b20181217",
"0.4.0b20181218",
"0.4.0b20181219",
"0.4.0b20181220",
"0.4.0b20181221",
"0.4.0b20181222",
"0.4.0b20181223",
"0.4.0b20181224",
"0.4.0b20181225",
"0.4.0b20181226",
"0.4.0b20181227",
"0.4.0b20181228",
"0.4.0b20181229",
"0.4.0b20181230",
"0.4.0b20181231",
"0.4.0b20190101",
"0.4.0b20190102",
"0.4.0b20190103",
"0.4.0b20190104",
"0.4.0b20190105",
"0.4.0b20190106",
"0.4.0b20190107",
"0.4.0b20190108",
"0.4.0b20190109",
"0.4.0b20190110",
"0.4.0b20190111",
"0.4.0b20190112",
"0.4.0b20190113",
"0.4.0b20190114",
"0.4.0b20190115",
"0.4.0b20190116",
"0.4.0b20190117",
"0.4.0b20190118",
"0.4.0b20190119",
"0.4.0b20190120",
"0.4.0b20190121",
"0.4.0b20190122",
"0.4.0b20190123",
"0.4.0b20190124",
"0.4.0b20190125",
"0.4.0b20190126",
"0.4.0b20190127",
"0.4.0b20190128",
"0.4.0b20190129",
"0.4.0b20190130",
"0.4.0b20190131",
"0.4.0b20190201",
"0.4.0b20190202",
"0.4.0b20190203",
"0.4.0b20190204",
"0.4.0b20190205",
"0.4.0b20190206",
"0.4.0b20190207",
"0.4.0b20190208",
"0.4.0b20190209",
"0.4.0b20190210",
"0.4.0b20190211",
"0.4.0b20190212",
"0.4.0b20190213",
"0.4.0b20190214",
"0.4.0b20190215",
"0.4.0b20190216",
"0.4.0b20190217",
"0.4.0b20190218",
"0.4.0b20190219",
"0.4.0b20190220",
"0.4.0b20190221",
"0.4.0b20190222",
"0.4.0b20190223",
"0.4.0b20190224",
"0.4.0b20190225",
"0.4.0b20190226",
"0.4.0b20190227",
"0.4.0b20190228",
"0.4.0b20190301",
"0.4.0b20190302",
"0.4.0b20190303",
"0.4.0b20190304",
"0.4.0b20190305",
"0.4.0b20190306",
"0.4.0b20190307",
"0.4.0b20190308",
"0.4.0b20190309",
"0.4.0b20190310",
"0.4.0b20190311",
"0.4.0b20190312",
"0.4.0b20190313",
"0.4.0b20190314",
"0.4.0b20190315",
"0.4.0b20190316",
"0.4.0b20190317",
"0.4.0b20190318",
"0.4.0b20190319",
"0.5.0",
"0.5.0b20190321",
"0.5.0b20190322",
"0.5.0b20190323",
"0.5.0b20190324",
"0.5.0b20190325",
"0.5.0b20190326",
"0.5.0b20190327",
"0.5.0b20190328",
"0.5.0b20190329",
"0.5.0b20190330",
"0.5.0b20190331",
"0.5.0b20190401",
"0.5.0b20190402",
"0.5.0b20190403",
"0.5.0b20190404",
"0.5.0b20190405",
"0.5.0b20190406",
"0.5.0b20190407",
"0.5.0b20190408",
"0.5.0b20190409",
"0.5.0b20190410",
"0.5.0b20190411",
"0.5.0b20190412",
"0.5.0b20190413",
"0.5.0b20190414",
"0.5.0b20190415",
"0.5.0b20190416",
"0.5.0b20190417",
"0.5.0b20190418",
"0.5.0b20190419",
"0.5.0b20190420",
"0.5.0b20190421",
"0.5.0b20190422",
"0.5.0b20190423",
"0.5.0b20190424",
"0.5.0b20190425",
"0.5.0b20190426",
"0.5.0b20190427",
"0.5.0b20190428",
"0.5.0b20190429",
"0.5.0b20190430",
"0.5.0b20190501",
"0.5.0b20190502",
"0.5.0b20190503",
"0.5.0b20190504",
"0.5.0b20190505",
"0.5.0b20190506",
"0.5.0b20190507",
"0.5.0b20190508",
"0.5.0b20190509",
"0.5.0b20190510",
"0.5.0b20190511",
"0.5.0b20190512",
"0.5.0b20190513",
"0.5.0b20190514",
"0.5.0b20190515",
"0.5.0b20190516",
"0.5.0b20190517",
"0.5.0b20190518",
"0.5.0b20190519",
"0.5.0b20190520",
"0.5.0b20190521",
"0.5.0b20190522",
"0.5.0b20190523",
"0.5.0b20190524",
"0.5.0b20190525",
"0.5.0b20190526",
"0.5.0b20190527",
"0.5.0b20190528",
"0.5.0b20190529",
"0.5.0b20190530",
"0.5.0b20190531",
"0.5.0b20190601",
"0.5.0b20190602",
"0.5.0b20190604",
"0.5.0b20190605",
"0.5.0b20190606",
"0.5.0b20190607",
"0.5.0b20190608",
"0.5.0b20190609",
"0.5.0b20190610",
"0.5.0b20190611",
"0.5.0b20190612",
"0.5.0b20190613",
"0.5.0b20190614",
"0.5.0b20190615",
"0.5.0b20190616",
"0.5.0b20190617",
"0.5.0b20190618",
"0.5.0b20190619",
"0.5.0b20190620",
"0.5.0b20190621",
"0.5.0b20190622",
"0.5.0b20190623",
"0.5.0b20190624",
"0.5.0b20190625",
"0.5.0b20190626",
"0.5.0b20190627",
"0.5.0b20190628",
"0.5.0b20190629",
"0.5.0b20190630",
"0.5.0b20190701",
"0.5.0b20190702",
"0.5.0b20190703",
"0.5.0b20190704",
"0.5.0b20190705",
"0.5.0b20190706",
"0.5.0b20190707",
"0.5.0b20190708",
"0.5.0b20190709",
"0.5.0b20190710",
"0.5.0b20190711",
"0.5.0b20190712",
"0.5.0b20190713",
"0.5.0b20190714",
"0.5.0b20190715",
"0.5.0b20190717",
"0.5.0b20190718",
"0.5.0b20190719",
"0.5.0b20190720",
"0.5.0b20190721",
"0.5.0b20190722",
"0.5.0b20190723",
"0.5.0b20190724",
"0.5.0b20190725",
"0.5.0b20190726",
"0.5.0b20190727",
"0.5.0b20190728",
"0.5.0b20190729",
"0.5.0b20190730",
"0.5.0b20190731",
"0.5.0b20190801",
"0.5.0b20190803",
"0.5.0b20190804",
"0.5.0b20190805",
"0.5.0b20190806",
"0.5.0b20190807",
"0.5.0b20190808",
"0.5.0b20190809",
"0.5.0b20190810",
"0.5.0b20190811",
"0.5.0b20190812",
"0.5.0b20190813",
"0.5.0b20190814",
"0.5.0b20190815",
"0.5.0b20190816",
"0.5.0b20190817",
"0.5.0b20190818",
"0.5.0b20190819",
"0.5.0b20190820",
"0.5.0b20190821",
"0.5.0b20190822",
"0.5.0b20190823",
"0.5.0b20190824",
"0.5.0b20190825",
"0.5.0b20190826",
"0.5.0b20190827",
"0.5.0b20190828",
"0.5.0b20190829",
"0.5.0b20190830",
"0.5.0b20190831",
"0.5.0b20190901",
"0.5.0b20190902",
"0.5.0b20190903",
"0.5.0b20190904",
"0.5.0b20190905",
"0.5.0b20190906",
"0.6.0",
"0.6.0b20190907",
"0.6.0b20190908",
"0.6.0b20190909",
"0.6.0b20190910",
"0.6.0b20190911",
"0.6.0b20190912",
"0.6.0b20190913",
"0.6.0b20190914",
"0.6.0b20190915",
"0.6.0b20190916",
"0.6.0b20190917",
"0.6.0b20190918",
"0.6.0b20190919",
"0.6.0b20190920",
"0.6.0b20190921",
"0.6.0b20190922",
"0.6.0b20190923",
"0.6.0b20190924",
"0.6.0b20190925",
"0.6.0b20190926",
"0.6.0b20190927",
"0.6.0b20190928",
"0.6.0b20190929",
"0.6.0b20190930",
"0.6.0b20191001",
"0.6.0b20191002",
"0.6.0b20191003",
"0.6.0b20191004",
"0.6.0b20191005",
"0.6.0b20191006",
"0.6.0b20191007",
"0.6.0b20191008",
"0.6.0b20191009",
"0.6.0b20191010",
"0.6.0b20191011",
"0.6.0b20191012",
"0.6.0b20191013",
"0.6.0b20191014",
"0.6.0b20191015",
"0.6.0b20191016",
"0.6.0b20191017",
"0.6.0b20191018",
"0.6.0b20191019",
"0.6.0b20191020",
"0.6.0b20191021",
"0.6.0b20191022",
"0.6.0b20191023",
"0.6.0b20191024",
"0.6.0b20191025",
"0.6.0b20191026",
"0.6.0b20191027",
"0.6.0b20191028",
"0.6.0b20191029",
"0.6.0b20191030",
"0.6.0b20191031",
"0.6.0b20191101",
"0.6.0b20191102",
"0.6.0b20191103",
"0.6.0b20191104",
"0.6.0b20191105",
"0.6.0b20191106",
"0.6.0b20191107",
"0.6.0b20191108",
"0.6.0b20191109",
"0.6.0b20191110",
"0.6.0b20191111",
"0.6.0b20191112",
"0.6.0b20191113",
"0.6.0b20191114",
"0.6.0b20191115",
"0.6.0b20191116",
"0.6.0b20191117",
"0.6.0b20191118",
"0.6.0b20191119",
"0.6.0b20191120",
"0.6.0b20191121",
"0.6.0b20191122",
"0.6.0b20191123",
"0.6.0b20191124",
"0.6.0b20191125",
"0.6.0b20191126",
"0.6.0b20191206",
"0.6.0b20191207",
"0.6.0b20191208",
"0.6.0b20191209",
"0.6.0b20191210",
"0.6.0b20191211",
"0.6.0b20191212",
"0.6.0b20191213",
"0.6.0b20191214",
"0.6.0b20191215",
"0.6.0b20191217",
"0.6.0b20191218",
"0.6.0b20191219",
"0.6.0b20191220",
"0.6.0b20191221",
"0.6.0b20191222",
"0.6.0b20191223",
"0.6.0b20191224",
"0.6.0b20191225",
"0.6.0b20191226",
"0.6.0b20191227",
"0.6.0b20191228",
"0.6.0b20191229",
"0.6.0b20191230",
"0.6.0b20200101",
"0.6.0b20200102",
"0.6.0b20200103",
"0.6.0b20200104",
"0.6.0b20200105",
"0.6.0b20200106",
"0.6.0b20200107",
"0.6.0b20200108",
"0.6.0b20200109",
"0.6.0b20200110",
"0.6.0b20200111",
"0.6.0b20200112",
"0.6.0b20200113",
"0.6.0b20200114",
"0.7.0",
"0.7.0b20200115",
"0.7.0b20200116",
"0.7.0b20200117",
"0.7.0b20200118",
"0.7.0b20200119",
"0.7.0b20200120",
"0.7.0b20200121",
"0.7.0b20200122",
"0.7.0b20200123",
"0.7.0b20200124",
"0.7.0b20200128",
"0.7.0b20200129",
"0.7.0b20200130",
"0.7.0b20200131",
"0.7.0b20200201",
"0.7.0b20200202",
"0.7.0b20200203",
"0.7.0b20200204",
"0.7.0b20200205",
"0.7.0b20200206",
"0.7.0b20200207",
"0.7.0b20200208",
"0.7.0b20200209",
"0.7.0b20200210",
"0.7.0b20200211",
"0.7.0b20200212",
"0.7.0b20200213",
"0.7.0b20200214",
"0.7.0b20200215",
"0.7.0b20200216",
"0.7.0b20200217",
"0.7.0b20200218",
"0.7.0b20200219",
"0.7.0b20200220",
"0.7.0b20200221",
"0.7.0b20200301",
"0.7.0b20200302",
"0.7.0b20200303",
"0.7.0b20200304",
"0.7.0b20200305",
"0.7.0b20200306",
"0.7.0b20200307",
"0.7.0b20200308",
"0.7.0b20200309",
"0.7.0b20200310",
"0.7.0b20200311",
"0.7.0b20200312",
"0.7.0b20200313",
"0.7.0b20200314",
"0.7.0b20200315",
"0.7.0b20200316",
"0.7.0b20200317",
"0.7.0b20200318",
"0.7.0b20200319",
"0.7.0b20200320",
"0.7.0b20200321",
"0.7.0b20200322",
"0.7.0b20200323",
"0.7.0b20200324",
"0.7.0b20200325",
"0.7.0b20200327",
"0.7.0b20200328",
"0.7.0b20200329",
"0.7.0b20200330",
"0.7.0b20200331",
"0.7.0b20200401",
"0.7.0b20200402",
"0.7.0b20200403",
"0.7.0b20200404",
"0.7.0b20200405",
"0.7.0b20200406",
"0.7.0b20200407",
"0.7.0b20200408",
"0.7.0b20200409",
"0.7.0b20200410",
"0.7.0b20200411",
"0.7.0b20200412",
"0.7.0b20200413",
"0.7.0b20200414",
"0.7.0b20200415",
"0.7.0b20200416",
"0.7.0b20200417",
"0.7.0b20200418",
"0.7.0b20200419",
"0.7.0b20200420",
"0.7.0b20200421",
"0.8.0",
"0.8.0b20200422",
"0.8.0b20200423",
"0.8.0b20200424",
"0.8.0b20200425",
"0.8.0b20200426",
"0.8.0b20200427",
"0.8.0b20200428",
"0.8.0b20200429",
"0.8.0b20200430",
"0.8.0b20200501",
"0.8.0b20200502",
"0.8.0b20200503",
"0.8.0b20200504",
"0.8.0b20200505",
"0.8.0b20200506",
"0.8.0b20200507",
"0.8.0b20200508",
"0.8.0b20200509",
"0.8.0b20200510",
"0.8.0b20200511",
"0.8.0b20200512",
"0.8.0b20200513",
"0.8.0b20200514",
"0.8.0b20200515",
"0.8.0b20200516",
"0.8.0b20200517",
"0.8.0b20200518",
"0.8.0b20200519",
"0.8.0b20200520",
"0.8.0b20200521",
"0.8.0b20200523",
"0.8.0b20200524",
"0.8.0b20200525",
"0.8.0b20200527",
"0.8.0b20200528",
"0.8.0b20200529",
"0.8.0b20200530",
"0.8.0b20200531",
"0.8.0b20200601",
"0.8.0b20200602",
"0.8.0b20200603",
"0.8.0b20200604",
"0.8.0b20200605",
"0.8.0b20200606",
"0.8.0b20200607",
"0.8.0b20200608",
"0.8.0b20200609",
"0.8.0b20200610",
"0.8.0b20200611",
"0.8.0b20200612",
"0.8.0b20200613",
"0.8.0b20200614",
"0.8.0b20200615",
"0.8.0b20200616",
"0.8.0b20200617",
"0.8.0b20200618",
"0.8.0b20200619",
"0.8.0b20200620",
"0.8.0b20200621",
"0.8.0b20200622",
"0.8.0b20200623",
"0.8.0b20200624",
"0.8.0b20200625",
"0.8.0b20200626",
"0.8.0b20200627",
"0.8.0b20200628",
"0.8.0b20200629",
"0.8.0b20200630",
"0.8.0b20200701",
"0.8.0b20200702",
"0.8.0b20200703",
"0.8.0b20200704",
"0.8.0b20200705",
"0.8.0b20200706",
"0.8.0b20200707",
"0.8.0b20200708",
"0.8.0b20200709",
"0.8.0b20200710",
"0.8.0b20200711",
"0.8.0b20200712",
"0.8.0b20200713",
"0.8.0b20200714",
"0.8.0b20200715",
"0.8.0b20200716",
"0.8.0b20200717",
"0.8.0b20200718",
"0.8.0b20200719",
"0.8.0b20200720",
"0.8.0b20200721",
"0.8.0b20200722",
"0.8.0b20200723",
"0.8.0b20200724",
"0.8.0b20200725",
"0.8.0b20200726",
"0.8.0b20200727",
"0.8.0b20200728",
"0.8.0b20200729",
"0.8.0b20200730",
"0.8.0b20200731",
"0.8.0b20200801",
"0.8.0b20200802",
"0.8.0b20200803",
"0.8.0b20200804",
"0.8.0b20200805",
"0.8.0b20200806",
"0.8.0b20200808",
"0.8.0b20200809",
"0.8.0b20200810",
"0.8.0b20200811",
"0.9.0",
"0.9.0b20200812",
"0.9.0b20200813",
"0.9.0b20200814",
"0.9.0b20200815",
"0.9.0b20200816",
"0.9.0b20200817",
"0.9.0b20200818",
"0.9.0b20200819",
"0.9.0b20200820",
"0.9.0b20200821",
"0.9.0b20200822",
"0.9.0b20200823",
"0.9.0b20200824",
"0.9.0b20200825",
"0.9.0b20200826",
"0.9.0b20200827",
"0.9.0b20200828",
"0.9.0b20200829",
"0.9.0b20200830",
"0.9.0b20200831",
"0.9.0b20200901",
"0.9.0b20200902",
"0.9.0b20200903",
"0.9.0b20200904",
"0.9.0b20200905",
"0.9.0b20200906",
"0.9.0b20200907",
"0.9.0b20200908",
"0.9.0b20200909",
"0.9.0b20200910",
"0.9.0b20200911",
"0.9.0b20200912",
"0.9.0b20200913",
"0.9.0b20200914",
"0.9.0b20200915",
"0.9.0b20200916",
"0.9.0b20200917",
"0.9.0b20200918",
"0.9.0b20200919",
"0.9.0b20200920",
"0.9.0b20200921",
"0.9.0b20200922",
"0.9.0b20200923",
"0.9.0b20200924",
"0.9.0b20200925",
"0.9.0b20200926",
"0.9.0b20200927",
"0.9.0b20200928",
"0.9.0b20200929",
"0.9.0b20200930",
"0.9.0b20201001",
"0.9.0b20201002",
"0.9.0b20201003",
"0.9.0b20201004",
"0.9.0b20201005",
"0.9.0b20201006",
"0.9.0b20201007",
"0.9.0b20201008",
"0.9.0b20201009",
"0.9.0b20201010",
"0.9.0b20201011",
"0.9.0b20201012",
"0.9.0b20201013",
"0.9.0b20201014",
"0.9.0b20201015",
"0.9.0b20201016",
"0.9.0b20201017",
"0.9.0b20201018",
"0.9.0b20201019",
"0.9.0b20201020",
"0.9.0b20201021",
"0.9.0b20201022",
"0.9.0b20201023",
"0.9.0b20201024",
"0.9.0b20201025",
"0.9.0b20201026",
"0.9.0b20201027",
"0.9.0b20201028",
"0.9.0b20201029",
"0.9.0b20201030",
"0.9.0b20201031",
"0.9.0b20201101",
"0.9.0b20201102",
"0.9.0b20201103",
"0.9.0b20201105",
"0.9.0b20201106",
"0.9.0b20201107",
"0.9.0b20201108",
"0.9.0b20201109",
"0.9.0b20201110",
"0.9.0b20201111",
"0.9.0b20201112",
"0.9.0b20201113",
"0.9.0b20201114",
"0.9.0b20201115",
"0.9.0b20201116",
"0.9.0b20201117",
"0.9.0b20201118",
"0.9.0b20201119",
"0.9.0b20201120",
"0.9.0b20201121",
"0.9.0b20201122",
"0.9.0b20201123",
"0.9.0b20201124",
"0.9.0b20201125",
"0.9.0b20201126",
"0.9.0b20201127",
"0.9.0b20201128",
"0.9.0b20201129",
"0.9.0b20201130",
"0.9.0b20201201",
"0.9.0b20201202",
"0.9.1",
"0.9.1.post0",
"0.9.2",
"0.9.3",
"0.9.4",
"0.9.4.post0",
"0.9.4.post1"
]
}
],
"aliases": [
"CVE-2024-12216",
"GHSA-m724-hqmc-ggpx"
],
"details": "A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can exploit this by crafting malicious tar files that, when extracted, can overwrite files on the victim\u0027s system via path traversal or faked symlinks.",
"id": "PYSEC-2026-1406",
"modified": "2026-07-07T17:24:12.314424Z",
"published": "2026-07-07T14:34:52.814521Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12216"
},
{
"type": "PACKAGE",
"url": "https://github.com/dmlc/gluon-cv"
},
{
"type": "WEB",
"url": "https://github.com/dmlc/gluon-cv/blob/3862e2db33ab650eff7c7c5c5891e805207027b1/gluoncv/utils/filesystem.py#L223-L229"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/46081fdc-2951-4deb-a2c9-2627007bdce0"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/gluoncv"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-m724-hqmc-ggpx"
}
],
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "GluonCV Arbitrary File Write via TarSlip"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…