CVE-2007-4559 vulnerability (Python)

tenebraesec

CVE-2007-4559 vulnerability (Python)

Post by tenebraesec »

Is qBittorrent 4.4.5 affected?
As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years.

The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, and IT management.

The shortcoming, tracked as CVE-2007-4559 (CVSS score: 6.8), is rooted in the tarfile module, successful exploitation of which could lead to code execution from an arbitrary file write.

"The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the '..' sequence to filenames in a TAR archive," Trellix security researcher Kasimir Schulz said in a writeup.
https://thehackernews.com/2022/09/15-ye ... ython.html
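The traversal the quoted writeup describes, as an added example that is not part of this post, of the Trellix writeup, or of qBittorrent: the block builds a small tar archive in memory whose second member is named with a leading `../../` (constructed sample data), shows how to detect members that would land outside the extraction directory before anything is written, and only then calls `extractall`. The helper names (`build_tar`, `is_within_directory`, `unsafe_members`, `safe_extractall`, `checked_extract_demo`) and the member names are choices made here. Where the interpreter provides the stdlib `filter="data"` extraction filter (Python 3.12+, also backported to some 3.8 to 3.11 releases), the block passes it as well.

```python
"""Added example (not from the forum thread): CVE-2007-4559 style '..' members in a tar
archive, detected before extraction instead of trusting tarfile.extractall()."""
import io
import os
import tarfile
import tempfile

# Constructed sample member names: one harmless, one that climbs out of the target dir.
SAFE_NAME = "notes/readme.txt"
TRAVERSAL_NAME = "../../escaped.txt"


def build_tar(members) -> bytes:
    """Build a tar archive in memory from (name, data) pairs (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in members:
            info = tarfile.TarInfo(name)  # TarInfo accepts any name, '..' included
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_malicious_tar() -> bytes:
    """An archive a naive extractall() would write partly outside its destination."""
    return build_tar([(SAFE_NAME, b"harmless\n"), (TRAVERSAL_NAME, b"pwned\n")])


def is_within_directory(directory: str, target: str) -> bool:
    """True if target, after lexical '..' resolution, is directory or lies under it."""
    directory = os.path.realpath(directory)
    target = os.path.realpath(target)
    return os.path.commonpath([directory, target]) == directory


def unsafe_members(archive: bytes, dest: str) -> list:
    """Names of members whose path (or link target) would escape dest.

    This is a name-based check: it catches '..' components and absolute names, and
    symlink/hardlink targets pointing outside dest. It does not model symlink chains
    created by earlier members; the stdlib 'data' filter is the more thorough option.
    """
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for m in tf.getmembers():
            target = os.path.join(dest, m.name)
            if not is_within_directory(dest, target):
                bad.append(m.name)
                continue
            if m.issym() or m.islnk():
                # symlink targets are relative to the member's directory,
                # hardlink targets are relative to the archive root
                base = os.path.dirname(target) if m.issym() else dest
                if not is_within_directory(dest, os.path.join(base, m.linkname)):
                    bad.append(m.name)
    return bad


def safe_extractall(archive: bytes, dest: str) -> list:
    """Validate every member first; refuse the whole archive if any one escapes.

    Checking up front matters: catching an exception from a later member does not
    undo files an earlier traversal member already wrote.
    """
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract, members escape {dest!r}: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        # Use the stdlib data filter too when this interpreter has it (3.12+ / backports).
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tf.extractall(dest, **kwargs)
        return [m.name for m in tf.getmembers()]


def checked_extract_demo() -> dict:
    """Run the check against the constructed archives in a throwaway directory."""
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "unpack", "here")
        os.makedirs(dest)
        refused = False
        try:
            safe_extractall(build_malicious_tar(), dest)
        except ValueError:
            refused = True
        # Nothing at all should exist under root after the refused archive.
        written = [os.path.relpath(os.path.join(d, f), root)
                   for d, _, fs in os.walk(root) for f in fs]
        clean = safe_extractall(build_tar([(SAFE_NAME, b"harmless\n")]), dest)
        landed = os.path.isfile(os.path.join(dest, *SAFE_NAME.split("/")))
        return {"refused": refused, "written_before_clean": written,
                "clean_extracted": clean, "clean_file_in_dest": landed}


if __name__ == "__main__":
    print("escaping members:", unsafe_members(build_malicious_tar(), "unpack"))
    print(checked_extract_demo())
```

The point of the ordering in `safe_extractall` is that the bug lives in the extraction call, so the check has to run over the whole member list before the first file is written; a `try`/`except` around `extractall` alone still leaves the earlier members on disk.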
Peter
Administrator

Re: CVE-2007-4559 vulnerability (Python)

Post by Peter »

Python is great! But oh boy, does it get complicated with the versions.

qBittorrent project:
qBittorrent just installs Python from the Python website basically.
The project does not ship Python, does not bundle it, etc.

Linux users:
Should receive a new version automatically.