Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
References
Configurations
Configuration 1 (hide)
|
History
23 Mar 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Mar 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Mar 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Sep 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2023, 17:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Python
Python python |
|
References | (MLIST) http://mail.python.org/pipermail/python-dev/2007-August/074292.html - Exploit, Mailing List | |
References | (SECUNIA) http://secunia.com/advisories/26623 - Broken Link | |
References | (MLIST) http://mail.python.org/pipermail/python-dev/2007-August/074290.html - Mailing List, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2007/3022 - Broken Link | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=263261 - Issue Tracking | |
CPE | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
Information
Published : 2007-08-28 01:17
Updated : 2024-03-23 03:15
NVD link : CVE-2007-4559
Mitre link : CVE-2007-4559
CVE.ORG link : CVE-2007-4559
JSON object : View
Products Affected
python
- python
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')