"15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects"

About 350,000 open source projects may be vulnerable to exploitation as a result of a 15-year-old unpatched security flaw in a Python module. The affected repositories span a wide range of industry verticals, including software development, artificial intelligence and machine learning (AI/ML), web development, media, security, and more. The flaw, tracked as CVE-2007-4559, lies in the tarfile module, and successful exploitation turns an arbitrary file write into code execution. According to Trellix security researcher Kasimir Schulz, the vulnerability is a path traversal in the extract and extractall functions of the tarfile module: member filenames in a TAR archive are joined onto the destination directory without being validated, so an attacker who prepends '..' sequences to a filename can have the file written outside the extraction directory and overwrite arbitrary files on the target. The bug, first reported in August 2007, therefore needs nothing more than a specially crafted TAR archive and a victim that extracts it. This article continues to discuss the 15-year-old unpatched Python flaw that could be leaving 350,000 open source projects vulnerable.
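The traversal described above, reproduced and then blocked, as an added example that is not code from the THN article, from Trellix, or from CPython. The archives are constructed in memory (the member names and payloads are made up for the demonstration); the destination path "/opt/unpack" used in the check is a hypothetical target that does not need to exist. Beyond the '..' case in the summary, the check also rejects absolute member names and symlink or hard-link members whose targets resolve outside the destination, since those escape the same way. On interpreters that have the PEP 706 extraction filters (Python 3.12 and the backports), the vulnerable path pins filter="fully_trusted" so it behaves as the pre-filter default did, and the hardened path additionally passes filter="data".

```python
import io
import os
import tarfile
import tempfile


def build_archive(entries):
    """Build a TAR archive in memory (constructed test data).

    entries: (name, payload_bytes) for a regular file, or (name, None, linkname)
    for a symbolic link. Names are written exactly as given, so '..' and
    absolute paths survive, just as in an attacker-crafted archive.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for entry in entries:
            info = tarfile.TarInfo(name=entry[0])
            if entry[1] is None:
                info.type = tarfile.SYMTYPE
                info.linkname = entry[2]
                tar.addfile(info)
            else:
                info.size = len(entry[1])
                tar.addfile(info, io.BytesIO(entry[1]))
    return buf.getvalue()


# Constructed sample archives, not real-world samples.
BENIGN_ARCHIVE = build_archive([
    ("app/config.ini", b"[core]\ndebug = false\n"),
    ("app/README", b"hello\n"),
])
MALICIOUS_ARCHIVE = build_archive([
    ("app/README", b"hello\n"),
    ("../../escaped.txt", b"written outside the extraction directory\n"),  # CVE-2007-4559 style
    ("app/passwd", None, "/etc/passwd"),  # symlink escape, a related trick
])


def fresh_dir():
    """Scratch directory for one extraction."""
    return tempfile.mkdtemp(prefix="tarfile-demo-")


def _inside(root, path):
    """True if path, once resolved, is root itself or below it."""
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def escaping_members(archive_bytes, dest):
    """Names of members that would land, or point, outside dest. Nothing is written."""
    root = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.join(root, m.name)  # what extractall() would write to
            if not _inside(root, target):
                bad.append(m.name)
            elif m.issym() and not _inside(root, os.path.join(os.path.dirname(target), m.linkname)):
                bad.append(m.name)  # symlink targets are relative to the link's directory
            elif m.islnk() and not _inside(root, os.path.join(root, m.linkname)):
                bad.append(m.name)  # hard-link targets are relative to the archive root
    return bad


def naive_extract(archive_bytes, dest):
    """The vulnerable pattern: trust every member name in the archive."""
    os.makedirs(dest, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        if hasattr(tarfile, "fully_trusted_filter"):
            # Pin the legacy behaviour so the demonstration is identical on every version.
            tar.extractall(dest, filter="fully_trusted")
        else:
            tar.extractall(dest)


def naive_escape_demo(archive_bytes):
    """Extract two levels below a scratch root and report whether '../../escaped.txt'
    surfaced at the root, i.e. outside the directory handed to extractall()."""
    root = fresh_dir()
    naive_extract(archive_bytes, os.path.join(root, "a", "b"))
    return os.path.isfile(os.path.join(root, "escaped.txt"))


def safe_extract(archive_bytes, dest):
    """Validate every member before writing anything, then extract. Returns dest's listing."""
    bad = escaping_members(archive_bytes, dest)
    if bad:
        raise ValueError("refusing to extract members that escape %s: %s" % (dest, bad))
    os.makedirs(dest, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")  # second line of defence where available
        else:
            tar.extractall(dest)
    return sorted(os.listdir(dest))


if __name__ == "__main__":
    print("naive extractall() escaped the destination:", naive_escape_demo(MALICIOUS_ARCHIVE))
    print("members flagged for /opt/unpack:", escaping_members(MALICIOUS_ARCHIVE, "/opt/unpack"))
    try:
        safe_extract(MALICIOUS_ARCHIVE, fresh_dir())
    except ValueError as err:
        print("safe_extract refused:", err)
    print("benign archive extracted to:", safe_extract(BENIGN_ARCHIVE, fresh_dir()))
```

The check runs over the whole member list before the first write, which matters because an archive can first drop a symlink and then write through it; checking members one at a time during extraction would miss that ordering. The realpath comparison (rather than a substring test on '..') also catches absolute names and destination directories that are themselves symlinks.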

THN reports "15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects"
