Main Vulnerability Database Exploits ID:8661 - Exploit for Path traversal in Python - CVE-2007-4559

ID:8661 - Exploit for Path traversal in Python - CVE-2007-4559

Published: December 12, 2022

Vulnerability identifier: #VU67583

Vulnerability risk: High

CVE-ID: CVE-2007-4559

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Python

Link to public exploit:

https://github.com/Ooscaar/MALW

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of filenames in the tarfile module in Python. A remote attacker can create a specially crafted archive with symbolic links inside or filenames that contain directory traversal characters (e.g. "..") and overwrite arbitrary files on the system.

Remediation

Install update from vendor's website.

ID:8661 - Exploit for Path traversal in Python - CVE-2007-4559

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human