15-Year-Old Python Vulnerability Present in 350,000 Projects Revived

14
Python Vulnerability
15-Year-Old-Python-Vulnerability-Present-in-350_000-Projects-Revived

A 15-year-old Python vulnerability has been revived by researchers at the threat detection and response company Trellix, demonstrating that it is more serious than first thought and that it could impact hundreds of thousands of applications.

In order to remotely overwrite any files, an attacker would need to persuade users to process specially crafted tar archives. The vulnerability in question is CVE-2007-4559, which was initially classified as a directory traversal flaw in Python’s “tarfile” module. Users were cautioned not to open archive files from unverified sources rather than having the vulnerability properly patched.

Trellix researchers have now demonstrated that an attacker can exploit the vulnerability to write arbitrary files and, from there, typically execute malicious code.

Read More: 15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.