QwikSec

Security Database

CVE

CWE

Training

CVE-2007-4559

Published: Aug 28, 2007

Modified: Jan 17, 2025

PUBLISHED

Description

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=263261

[python-dev] 20070824 tarfile and directory traversal vulnerability

mailing-list

[python-dev] 20070825 tarfile and directory traversal vulnerability

mailing-list

vendor-advisory

FEDORA-2024-d1f1084584

vendor-advisory

FEDORA-2024-ebb3c95344

vendor-advisory

FEDORA-2024-46374d2703

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.