PyPI: compas
CVE-2007-4559
Safety vulnerability ID: SFTY-20070828-40880
Safety legacy ID: pyup.io-61127
Compas 1.17.5 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. https://github.com/compas-dev/compas/commit/0d0f9bec24511fe5dbc77ef73ee617dc83b4420e
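The defensive check that this class of bug calls for is shown below as an added example written for this entry; it is not compas's own patch and does not reproduce the linked commit. It builds a constructed in-memory TAR containing one benign member, one `..` traversal member and one absolute-path member, then extracts only the members whose resolved path stays inside the destination directory, rejecting links and device nodes as well. The function names (`build_sample_archive`, `safe_extract`, `demo`) and member names are assumptions made for the example; only the Python standard library is used.

```python
import io
import os
import tarfile
import tempfile


def build_sample_archive():
    """Constructed sample archive: a benign file plus two escaping names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in (
            ("docs/readme.txt", b"hello"),      # stays inside the destination
            ("../escaped.txt", b"outside"),     # dot-dot traversal (CVE-2007-4559)
            ("/abs/escaped.txt", b"outside"),   # absolute path, also escapes
        ):
            info = tarfile.TarInfo(name)        # addfile() keeps the name verbatim
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    return buf


def is_within_directory(directory, target):
    """True if target, after resolving symlinks and '..', lies under directory."""
    directory = os.path.realpath(directory)
    target = os.path.realpath(target)
    return os.path.commonpath([directory, target]) == directory


def safe_extract(fileobj, dest):
    """Extract only members that cannot write outside dest.

    Returns (accepted, rejected) lists of member names so callers can log
    or alert on rejected entries instead of silently dropping them.
    """
    accepted, rejected = [], []
    # Newer Pythons ship tarfile.data_filter; pass it explicitly when present
    # so the library re-checks names, links and permissions on extraction.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar.getmembers():
            # Links can point outside dest and devices are never wanted here.
            if member.issym() or member.islnk() or member.isdev():
                rejected.append(member.name)
                continue
            target = os.path.join(dest, member.name)
            if not is_within_directory(dest, target):
                rejected.append(member.name)
                continue
            tar.extract(member, dest, **extra)
            accepted.append(member.name)
    return accepted, rejected


def demo():
    """Run safe_extract on the constructed archive in a fresh temp directory."""
    dest = tempfile.mkdtemp()
    accepted, rejected = safe_extract(build_sample_archive(), dest)
    with open(os.path.join(dest, "docs", "readme.txt"), "rb") as fh:
        content = fh.read()
    return accepted, rejected, content


if __name__ == "__main__":
    print(demo())
```

The realpath comparison is what catches the `..` case: `os.path.join(dest, "../escaped.txt")` resolves to the parent of `dest`, and an absolute member name discards `dest` entirely in `os.path.join`, so both fail the `commonpath` test before `extract` is ever called.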
How to Fix
Upgrade compas to 1.17.5, the release that includes the fix commit linked above.
Vulnerable Functions
The extract and extractall functions of Python's tarfile module, as called by compas before 1.17.5.
References
- https://getsafety.com/vulnerabilities/SFTY-20070828-40880/CVE-2007-4559
- http://mail.python.org/pipermail/python-dev/2007-August/074290.html
- http://mail.python.org/pipermail/python-dev/2007-August/074292.html
- http://secunia.com/advisories/26623
- http://www.vupen.com/english/advisories/2007/3022
- https://bugzilla.redhat.com/show_bug.cgi?id=263261
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4559
Verified by Safety