Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
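The defensive counterpart to the flaw described above, added here as an illustration (this is not Vulmon's text nor CPython's own code; the helper names `unsafe_members`, `safe_extractall` and `build_tar` are hypothetical): before calling `extract`/`extractall`, every member name is resolved against the destination directory and rejected if it is absolute, escapes the destination via `..`, or is a symlink/hardlink whose target would land outside it. The sample archives are constructed in memory so the check runs offline. Python 3.12 added a `filter` argument (`extractall(dest, filter="data")`) that performs this kind of screening inside the module itself; the manual check below works on older interpreters as well.

```python
import io
import os
import tarfile
import tempfile


def _is_within(base: str, target: str) -> bool:
    """True if the resolved target path lies inside the resolved base directory."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Return the names of members that must not be extracted into dest."""
    bad = []
    dest_real = os.path.realpath(dest)
    for member in tar.getmembers():
        target = os.path.join(dest_real, member.name)
        # Absolute names and '..' sequences that climb out of dest (CVE-2007-4559 style).
        if os.path.isabs(member.name) or not _is_within(dest_real, target):
            bad.append(member.name)
            continue
        if member.issym() or member.islnk():
            if member.issym():
                # Symlink targets are relative to the link's own directory.
                link_target = os.path.join(os.path.dirname(target), member.linkname)
            else:
                # Hardlink targets are names relative to the archive root.
                link_target = os.path.join(dest_real, member.linkname)
            if os.path.isabs(member.linkname) or not _is_within(dest_real, link_target):
                bad.append(member.name)
            continue
        if not (member.isfile() or member.isdir()):
            # Device nodes, FIFOs etc. have no place in a data archive.
            bad.append(member.name)
    return bad


def safe_extractall(tar: tarfile.TarFile, dest: str) -> None:
    """Extract only if every member passes the screening; refuse the whole archive otherwise."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError(f"refusing to extract unsafe members: {bad}")
    tar.extractall(dest)


def build_tar(entries) -> io.BytesIO:
    """Build an in-memory tar (constructed sample data) from tuples:
    (name, data_bytes) for regular files, (name, None, linkname) for symlinks."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for entry in entries:
            name, data = entry[0], entry[1]
            info = tarfile.TarInfo(name)
            if len(entry) == 3:
                info.type = tarfile.SYMTYPE
                info.linkname = entry[2]
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def check_archive(entries, dest: str) -> list:
    """Convenience wrapper: build the sample archive and return its unsafe member names."""
    with tarfile.open(fileobj=build_tar(entries), mode="r") as tar:
        return unsafe_members(tar, dest)


if __name__ == "__main__":
    benign = [("docs/readme.txt", b"hello"), ("docs/latest", None, "readme.txt")]
    hostile = [("../evil.txt", b"pwned"), ("etc", None, "../../etc")]
    with tempfile.TemporaryDirectory() as dest:
        with tarfile.open(fileobj=build_tar(benign), mode="r") as tar:
            safe_extractall(tar, dest)
            print("benign archive extracted to", dest)
        with tarfile.open(fileobj=build_tar(hostile), mode="r") as tar:
            try:
                safe_extractall(tar, dest)
            except ValueError as exc:
                print(exc)
```

Rejecting the whole archive rather than skipping individual members keeps a partially extracted tree from silently differing from what the sender packaged, which is usually the safer failure mode for build and deployment pipelines.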
Vulnerable product: Python Software Foundation python
Oh cool, a 5,500-day security hole
At least 350,000 open source projects are believed to be potentially vulnerable to exploitation via a Python module flaw that has remained unfixed for 15 years.
On Tuesday, security firm Trellix said its threat researchers had encountered a vulnerability in Python's tarfile module, which provides a way to read and write compressed bundles of files known as tar archives. Initially, the bug hunters thought they'd chanced upon a zero-day.
It turned out to be about a 5,500-day issue: the...