This repository has been archived by the owner on Oct 29, 2022. It is now read-only.
Tarfile security vulnerability rediscovered #124
Labels
Content
Topics for discussion and inclusion in newsletters
URL
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/tarfile-exploiting-the-world.html
When was this post released
20220921
Summary
A fifteen-year-old security vulnerability in the tarfile module has been rediscovered after a security researcher demonstrated a possible code execution exploit potentially affecting "hundreds of thousands of repositories" on GitHub. This bug can be exploited by crafting a malicious tarfile that contains a path outside of the intended extraction directory. The original report of this issue fifteen years ago was closed with a documentation fix, but a conversation around additional safeguards in Python's standard library is happening now on CPython's GitHub issue tracker.
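As an added illustration (not code from the Trellix write-up or from CPython), the following pre-extraction audit flags archive members whose resolved path, or whose symlink/hardlink target, would land outside the destination directory. The sample archive is constructed in memory, and the member names `docs/readme.txt`, `../../evil.sh`, `docs/escape` and `outside` are placeholders chosen for the demo.

```python
import io
import os
import tarfile
import tempfile

def _is_within(base: str, target: str) -> bool:
    """True when `target` resolves inside `base` (realpath collapses '..')."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members that extraction would write outside `dest`: absolute
    names, '..' traversal, and symlinks/hardlinks whose target escapes.
    A symlink target is relative to the member's own directory; a hardlink
    target is relative to the archive root, so the two are resolved differently."""
    dest, bad = os.path.realpath(dest), []
    for m in tar.getmembers():
        # os.path.join drops `dest` when m.name is absolute, so that case is caught too
        target = os.path.join(dest, m.name)
        if not _is_within(dest, target):
            bad.append(m.name)
            continue
        link_dest = (os.path.join(os.path.dirname(target), m.linkname) if m.issym()
                     else os.path.join(dest, m.linkname) if m.islnk() else None)
        if link_dest is not None and not _is_within(dest, link_dest):
            bad.append(m.name)
    return bad

def build_demo_archive() -> bytes:
    """Constructed sample: a benign file, a '..' traversal entry, an escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../../evil.sh"):
            info = tarfile.TarInfo(name)
            info.size = 4
            tar.addfile(info, io.BytesIO(b"demo"))
        link = tarfile.TarInfo("docs/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../outside"
        tar.addfile(link)
    return buf.getvalue()

def audit(archive: bytes, dest: str) -> list:
    """Open an in-memory archive and report members that would escape `dest`."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        return unsafe_members(tar, dest)

def demo() -> list:
    return audit(build_demo_archive(), tempfile.mkdtemp())
```

The check is lexical, so it cannot see a symlink that the same archive creates earlier in the extraction and then writes through; when in doubt, reject link members outright.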
Code of Conduct