python
Page content
- Author: voroskoi
- Vulnerable: 2.5-3terminus1
- Unaffected: 2.5-3terminus2
Some vulnerabilities have been reported in the Python tarfile module, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to input validation errors when extracting tar archives. This can be exploited to extract files to arbitrary locations outside the specified directory with the permissions of the application using the tarfile module by using the “../” directory traversal sequence or malicious symlinks in a specially crafted tar archive.
- Bug Tracker URL: http://bugs.frugalware.org/task/2382