https://thehackernews.com/2022/09/15-ye ... ython.html
As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years.
The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, and IT management.
The shortcoming, tracked as CVE-2007-4559 (CVSS score: 6., is rooted in the tarfile module, successful exploitation of which could lead to code execution from an arbitrary file write.
"The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the '..' sequence to filenames in a TAR archive," Trellix security researcher Kasimir Schulz said in a writeup.
CVE-2007-4559 vulnerability (Python)
Is qBittorrent 4.4.5 affected?
Re: CVE-2007-4559 vulnerability (Python)
Python is great! But oh boy, does it get complicated with the versions.
qBittorrent project:
qBittorrent just installs Python from the Python website basically.
The project does not ship Python, does not bundle it, etc.
Linux users:
Should receive a new version automatically.