Sep 23, 2022

15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects

Posted by in categories: robotics/AI, security

As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years.

The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, and IT management.

The shortcoming, tracked as CVE-2007–4559 (CVSS score: 6.8), is rooted in the tarfile module, successful exploitation of which could lead to code execution from an arbitrary file write.

Comments are closed.