image credit: adobe stock
In September 2022, Trellix published a report on a vulnerability in the tarfile module, which is part of a standard library for the Python programming language and can be used by anyone. The vulnerability allows an arbitrary file to be written to an arbitrary folder on the hard drive, and in some cases it also allows for malicious code execution. What makes this study noteworthy is that the problem in tarfile was discovered in August 2007 – just over 15 years ago! But back then it wasn’t considered dangerous. Let’s find out why is wasn’t, and what problems Python developers and their users could face as a result.
Comments are closed.
