Vulnerability CVE-2007-4559: Information

Description

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Severity: MEDIUM (6.8)

Published: Aug. 28, 2007
Modified: March 23, 2024
Error type identifier: CWE-22

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
        Start including: 3.10.0
        End excluding: 3.10.12

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
        Start including: 3.9.0
        End excluding: 3.9.17

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
        Start including: 3.7.0
        End excluding: 3.8.17

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
        End excluding: 3.6.16

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
        Start including: 3.11.0
        End excluding: 3.11.4