21CTO

Sep 25, 2022 · Information Security

How a 15-Year-Old Python Tarfile Flaw Still Threatens 350k Open-Source Projects

Security firm Trellix warns that the 15-year-old CVE-2007-4559 directory-traversal flaw in Python’s built-in tarfile module remains unpatched, potentially allowing attackers to execute arbitrary code on any system using Python, and affecting an estimated 350,000 open-source projects across diverse domains.