The Python tarfile module could be dangerous for all programs that utilize it, according to a statement made on Wednesday, September 21, 2022 by cybersecurity company Trellix.
Trellix said that 350,000 open-source projects and the applications that use them are at risk of device takeover or malicious code execution due to a known Python vulnerability.
The Netflix, AWS, Intel, Facebook, and Google frameworks, as well as programs for machine learning, automation, and Docker containerization, all make extensive use of the Python tarfile module, Trellix said.
According to Trellix, hackers who gain access to a device have the ability to take control of it or execute arbitrary code on it.
In 2007, a medium risk score of 6.8 out of 10 was assigned to the vulnerability, CVE-2007-4559, when it was first identified. Reportedly, by using un-sanitized tarfile.extract or the built-in defaults of tarfile.extractall, it can be attacked by uploading a malicious file created with two or three lines of code.
Meanwhile, Doug McKee, a lead engineer and director of vulnerability research at Trellix, claims that the vulnerability has not yet been used in the wild. The quantity of live programs using the tarfile module is similarly unknown. He asserted that no scanners were looking for the vulnerability.
Before you can receive free updates, link building strategies or SEO tips you need to confirm your email right now.
(It’s easy)
Just go to your inbox, open the confirmation email from the SIA, and click the link.
And that’s it!
PS: If you don’t see a confirmation email, please check your spam/junk or promotions folders. Sometimes the confirmation message ends up there by mistake.
Obtenez nos 7 études S.I.A. les plus controversées qui feront trembler la tête même les SEO les plus avancés d’incrédulité.
De plus, nous vous alerterons lorsque nous publierons de nouveaux tests au public.
Obtenga nuestros 7 estudios S.I.A. más controvertidos que harán que incluso el SEO más avanzado sacuda la cabeza con incredulidad.
Además, le avisaremos cuando publiquemos nuevas pruebas al público.
Get Our Most 7 Controversial S.I.A. Studies That Will Make Even the Most Advanced SEO Shake Their Head in Disbelief.
Plus we will alert you when we publish new tests to the public.
