This ancient unpatched Python security flaw could leave thousands of projects vulnerable

2 days ago - By Tech Radar

A rather old, unpatched Python security vulnerability has resurfaced, and researchers warn that hundreds of thousands of projects might be vulnerable to code execution. Cybersecurity researchers from Trellix recently spotted CVE-2007-4559, a flaw in the Python tarfile package first discovered back in 2007. At the time, the flaw never received a patch; instead, a warning was published in a security bulletin.
Identifying vulnerable projects
The vulnerability is in code that calls the tarfile.extract function without sanitizing member paths, or that relies on the built-in defaults of tarfile.extractall. “It's...
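One defensive check for the tarfile.extract/extractall issue described above, added here as an example and not code from the article or from Trellix. It validates every member (names with '../' or absolute paths, and links whose target escapes the destination) before extraction; the archive is constructed in memory and the destination name extract_dir is assumed.

```python
import io
import os
import tarfile

def is_within_directory(directory: str, target: str) -> bool:
    """True if `target` resolves to a location inside `directory`."""
    directory, target = os.path.abspath(directory), os.path.abspath(target)
    return os.path.commonpath([directory, target]) == directory

def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members that would land outside `dest`: '../' or absolute
    names, and symlinks/hardlinks whose target escapes `dest`."""
    bad = []
    for m in tar.getmembers():
        path = os.path.join(dest, m.name)
        if not is_within_directory(dest, path):
            bad.append(m.name)
            continue
        if m.issym():    # symlink targets resolve relative to the link's directory
            link = os.path.join(os.path.dirname(path), m.linkname)
        elif m.islnk():  # hard link targets are archive-relative paths
            link = os.path.join(dest, m.linkname)
        else:
            continue
        if not is_within_directory(dest, link):
            bad.append(m.name)
    return bad

def safe_extract(tar: tarfile.TarFile, dest: str) -> None:
    """Check every member first; extract only if none escapes `dest`."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError(f"refusing to extract; members escape {dest!r}: {bad}")
    tar.extractall(dest)

def build_sample_tar() -> bytes:
    """Constructed archive: one benign file plus one member named with '../'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("notes/safe.txt", b"hello"), ("../escape.txt", b"owned")):
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def check_sample() -> list:
    """Open the constructed archive and report which members would escape."""
    with tarfile.open(fileobj=io.BytesIO(build_sample_tar()), mode="r") as tar:
        return unsafe_members(tar, "extract_dir")  # path math only, nothing is written
```

Python 3.12 added a filter argument to extractall; passing filter="data" performs equivalent checks natively, so prefer it where available.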