
Unpatched 15-year old Python bug allows code execution in 350k projects
2022-09-21 16:45

A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.

The vulnerability is in the Python tarfile package, specifically in application code that extracts an archive without sanitizing its members first.

"Failure to write any safety code to sanitize the members files before calling for tarfile.extract() or tarfile.extractall() results in a directory traversal vulnerability, enabling a bad actor access to the file system" - Charles McFarland, vulnerability researcher in the Trellix Advanced Threat Research team.
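The quoted failure mode is the absence of a check on member paths before extraction. The following is an added example of the kind of "safety code" that check amounts to; it is not code from the article or from the Trellix research, and the names safe_extract, is_within_directory, build_test_archive and demo are this example's own. It resolves every member's path (and any symlink or hardlink target) against the destination directory and refuses the whole archive if anything would land outside it, then extracts. The test archives it builds are constructed in memory for the demonstration.

```python
import io
import os
import tarfile
import tempfile
from typing import List


def is_within_directory(directory: str, target: str) -> bool:
    """True if target, after resolving '..' and symlinks, stays under directory."""
    abs_directory = os.path.realpath(directory)
    abs_target = os.path.realpath(target)
    return os.path.commonpath([abs_directory, abs_target]) == abs_directory


def safe_extract(tar: tarfile.TarFile, dest: str) -> List[str]:
    """Validate every member of an already-opened archive, then extract.

    Rejects the whole archive (nothing is written) if any member's path, symlink
    target or hardlink target would resolve outside dest. Returns the names that
    were extracted.
    """
    dest = os.path.realpath(dest)
    vetted = []
    for member in tar.getmembers():
        target = os.path.join(dest, member.name)  # absolute names also escape join()
        if not is_within_directory(dest, target):
            raise ValueError(f"blocked path traversal in member {member.name!r}")
        if member.issym():
            # Symlink targets are relative to the link's own directory.
            link = os.path.join(os.path.dirname(target), member.linkname)
            if not is_within_directory(dest, link):
                raise ValueError(f"blocked symlink escape in member {member.name!r}")
        elif member.islnk():
            # Hardlink targets are relative to the archive root.
            link = os.path.join(dest, member.linkname)
            if not is_within_directory(dest, link):
                raise ValueError(f"blocked hardlink escape in member {member.name!r}")
        vetted.append(member)
    # Python 3.12+ (and security backports) ship tarfile.data_filter, which
    # performs similar checks inside extractall; use it as a second layer when
    # present so that both checks must pass.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    tar.extractall(dest, members=vetted, **kwargs)
    return [m.name for m in vetted]


def build_test_archive(names: List[str]) -> bytes:
    """Constructed in-memory tar for the demo; every entry is a 1-byte file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
    return buf.getvalue()


def demo() -> dict:
    """Extract a benign archive, then one carrying a '../' member; report outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "extract")
        os.mkdir(dest)
        benign = build_test_archive(["docs/readme.txt"])
        with tarfile.open(fileobj=io.BytesIO(benign)) as tar:
            results["benign"] = safe_extract(tar, dest)
        traversal = build_test_archive(["docs/readme.txt", "../outside.txt"])
        with tarfile.open(fileobj=io.BytesIO(traversal)) as tar:
            try:
                safe_extract(tar, dest)
                results["traversal"] = "extracted"
            except ValueError:
                results["traversal"] = "blocked"
        # The rejected archive must not have written anything next to dest.
        results["outside_written"] = os.path.exists(os.path.join(tmp, "outside.txt"))
    return results


if __name__ == "__main__":
    print(demo())
```

The check-everything-then-extract order matters: validating members one at a time while extracting would leave a partially written tree behind when a bad entry is found late in the archive, and a symlink written early could redirect a later, apparently clean, member. Resolving with os.path.realpath rather than string-prefix matching is what makes the symlink cases hold.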

The researchers scraped a set of 257 repositories more likely to include the vulnerable code and manually checked 175 of them to see if they were affected.

"With GitHub's help we were able to get a much larger dataset to include 588,840 unique repositories that include 'import tarfile' in its python code" - Charles McFarland.

They managed to escalate the arbitrary file write to code execution in a test against the Polemarch IT infrastructure management service.


News URL

https://www.bleepingcomputer.com/news/security/unpatched-15-year-old-python-bug-allows-code-execution-in-350k-projects/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Python 27 10 87 73 27 197