CVE-2007-4559

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
28/08/2007
Last modified:
09/04/2025

Description

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* 3.6.16 (excluding)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* 3.7.0 (including) 3.8.17 (excluding)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* 3.9.0 (including) 3.9.17 (excluding)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* 3.10.0 (including) 3.10.12 (excluding)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* 3.11.0 (including) 3.11.4 (excluding)


References to Advisories, Solutions, and Tools