Unpatched 15-year old Python bug allows code execution in 350k projects

A vulnerability in the Python programming language that has been overlooked for 15 years is back in the spotlight. The vulnerability is in Python's tarfile package, in code that calls the tarfile.extract() function on un-sanitized archive members or relies on the built-in defaults of tarfile. It is a path traversal bug that enables an attacker to overwrite arbitrary files. Trellix researchers found that the vulnerability was present in thousands of software projects, both open and closed source. The fixes will be available in forks of the impacted repositories, though they will also need to be accepted by maintainers.
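The defensive check that the un-sanitized tarfile.extract() usage lacks, as an added example that is not from the article or from Trellix: every member's destination path (and link target) is resolved and required to stay inside the extraction directory before extract() is called. The function names and the sample archive (one benign file, one member named with a `..` component) are constructed for this illustration.

```python
import io
import os
import tarfile
import tempfile


def is_within(base, target):
    """True if `target` resolves inside `base` after '..' and symlinks are resolved."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def safe_extract(tar, dest):
    """Extract `tar` into `dest`, skipping any member whose path or link target
    would land outside `dest`. Returns the names of the rejected members."""
    rejected = []
    for member in tar.getmembers():
        target = os.path.join(dest, member.name)  # absolute names and '..' end up outside
        if not is_within(dest, target):
            rejected.append(member.name)
            continue
        if member.issym():   # symlink targets are relative to the member's directory
            link = os.path.join(os.path.dirname(target), member.linkname)
        elif member.islnk():  # hard-link targets are relative to the archive root
            link = os.path.join(dest, member.linkname)
        else:
            link = target
        if not is_within(dest, link):
            rejected.append(member.name)
            continue
        tar.extract(member, dest)
    return rejected


def build_demo_archive():
    """Constructed sample: a benign file plus a member that tries to escape via '..'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("ok.txt", b"fine\n"), ("../escaped.txt", b"bad\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo():
    """Extract the sample archive into a temp dir; return (rejected names, files written)."""
    with tempfile.TemporaryDirectory() as dest:
        with tarfile.open(fileobj=io.BytesIO(build_demo_archive()), mode="r") as tar:
            rejected = safe_extract(tar, dest)
        written = sorted(os.listdir(dest))
    return rejected, written
```

Recent Python releases also ship extraction filters (PEP 706, `tar.extract(member, dest, filter="data")`) that reject such members in the library itself; the manual check above covers interpreters without them.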

