PyPI: virtool-core
CVE-2007-4559
Safety vulnerability ID: SFTY-20070828-38122
Safety legacy ID: pyup.io-52059
Virtool-core 2.39.1 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
How to Fix
Mitigation and Workarounds
References
- https://getsafety.com/vulnerabilities/SFTY-20070828-38122/CVE-2007-4559
- http://mail.python.org/pipermail/python-dev/2007-August/074290.html
- http://mail.python.org/pipermail/python-dev/2007-August/074292.html
- http://secunia.com/advisories/26623
- http://www.vupen.com/english/advisories/2007/3022
- https://bugzilla.redhat.com/show_bug.cgi?id=263261
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4559
- https://pypi.org/project/virtool-core
- https://pyup.io/changelogs/virtool-core/
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.