HIGH 7.5
CVE-2026-3087
EN If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Apps suivies affectées
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| python | python | Windows | ≤3.14.4 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.15.0:alpha_1:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.15.0:alpha_2:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.15.0:alpha_3:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.15.0:alpha_4:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.15.0:alpha_5:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.15.0:alpha_6:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.15.0:alpha_7:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.15.0:alpha_8:*:*:*:*:*:* |