Medium severity5.3OSV Advisory· Published Jun 3, 2025· Updated Apr 15, 2026

CVE-2024-12718

Description

Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Python tarfile module with filter='data' or 'tar' allows modifying file metadata or permissions outside the extraction directory, affecting Python 3.12+.

Vulnerability

Overview

The Python tarfile module's extraction filters "data" and "tar" fail to properly restrict file metadata modifications (e.g., last modified time) and permission changes (chmod) to files outside the intended extraction directory. This occurs because the module does not adequately normalize symbolic link targets or resolve path traversal attempts, allowing operations on arbitrary files on the system. The issue affects Python versions 3.12 and later, which introduced the extraction filter feature; earlier versions are not vulnerable as they lack this functionality.

Exploitation

An attacker can craft a malicious tar archive containing entries with symbolic links or absolute paths that point outside the extraction directory. When a victim extracts the archive using TarFile.extractall() or TarFile.extract() with filter="data" or filter="tar", the tarfile module will apply the specified metadata or permission changes to the target files. No authentication is required beyond providing the archive; exploitation can occur locally or remotely if the archive is downloaded and extracted. The attack surface is limited to systems where untrusted tar archives are processed with these specific filter settings.

Impact

With filter="data", an attacker can modify the last modified timestamp of arbitrary files, potentially disrupting system operations or aiding in forensic evasion. With filter="tar", an attacker can change file permissions, which could lead to privilege escalation or denial of service by making critical files inaccessible. The vulnerability does not allow modification of file contents, but the ability to alter metadata and permissions can be leveraged in multi-step attacks.

Mitigation

The vulnerability has been patched in Python via commits to the 3.12, 3.13, and 3.14 branches [1][2][3][4]. Users should update to the latest patched versions of Python. As a workaround, avoid using filter="data" or filter="tar" with untrusted archives, or use the default filter (note that in Python 3.14+, the default changed to "data", so relying on the default also exposes users to this vulnerability). For trusted archives, the "fully_trusted" filter can be used safely.

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.