"Up to 350,000 Open-Source Projects Vulnerable to 15-Year-Old Python Bug"

A 15-year-old Python vulnerability has affected hundreds of thousands of open-source projects over the course of its existence. The vulnerability, tracked as CVE-2007-4559, is a path traversal flaw in the extract and extractall functions of the Python tarfile module. Trellix researchers warned that, if abused, the vulnerability could allow an attacker to overwrite arbitrary files by supplying a crafted TAR archive. Researchers initially believed they had uncovered a new zero-day vulnerability upon discovering the bug. However, a subsequent investigation revealed that the flaw dated back to 2007. At the time, the vulnerability was thought to be of minor importance, but Trellix then revealed that it was present in about 350,000 open-source projects and in an undisclosed number of closed-source projects. Since the bug's discovery, Trellix stated that it had collaborated with GitHub to implement a fix. To date, about 62,000 vulnerable open-source projects have been fixed. This article continues to discuss the discovery and impact of the 15-year-old Python bug. 
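The flaw described above is that `extractall` trusts member names such as `../escape.txt`, so a crafted archive can write outside the chosen destination directory. The following is an added example, written for this summary and not code from the article, from Trellix or from the Python project, showing a defensive pre-extraction check: it builds two small constructed archives in memory (one benign, one containing a traversal member), flags any member or link target that would resolve outside the destination, and refuses the whole archive if one is found. The helper names (`build_tar`, `find_traversal_members`, `safe_extractall`, `run_demo`) and the sample file names are assumptions of this example.

```python
import io
import os
import tarfile
import tempfile


def build_tar(members):
    """Construct an in-memory TAR archive from (name, bytes) pairs.

    Constructed sample data for this example, not a real artifact.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members:
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def is_within(base, target):
    """True if target, after normalisation, lies under base."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def find_traversal_members(tar_bytes, dest):
    """Return names of members whose extraction path would escape dest.

    Catches '../' names, absolute names, and symlinks/hardlinks whose
    target would point outside dest.
    """
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.join(dest, m.name)
            if not is_within(dest, target):
                bad.append(m.name)
                continue
            if m.issym():
                # Symlink targets are relative to the link's own directory.
                link_target = os.path.join(os.path.dirname(target), m.linkname)
            elif m.islnk():
                # Hardlink targets are relative to the archive root.
                link_target = os.path.join(dest, m.linkname)
            else:
                continue
            if not is_within(dest, link_target):
                bad.append(m.name)
    return bad


def safe_extractall(tar_bytes, dest):
    """Extract only if no member would land outside dest; else refuse."""
    bad = find_traversal_members(tar_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract; path traversal in members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest)
    return sorted(os.listdir(dest))


def run_demo():
    """Exercise the check on a benign and a malicious constructed archive."""
    dest = tempfile.mkdtemp(prefix="tarcheck-")
    benign = build_tar([("docs/readme.txt", b"hello")])
    malicious = build_tar([("../escape.txt", b"escaped"), ("ok.txt", b"x")])
    result = {
        "benign_flagged": find_traversal_members(benign, dest),
        "malicious_flagged": find_traversal_members(malicious, dest),
        "benign_extracted": safe_extractall(benign, dest),
    }
    try:
        safe_extractall(malicious, dest)
        result["malicious_refused"] = False
    except ValueError:
        result["malicious_refused"] = True
    return result


if __name__ == "__main__":
    print(run_demo())
```

The check validates the whole archive before writing anything, so a partially extracted archive never reaches disk. Newer Python releases (3.12, with backports to maintained 3.8 through 3.11 point releases) add the `filter="data"` argument to `extractall`, which rejects such members itself; the manual check above is for code that must also run on interpreters without that argument.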

ITPro reports "Up to 350,000 Open-Source Projects Vulnerable to 15-Year-Old Python Bug"
