350,000 open source projects at risk from Python vulnerability
2022-09-22 14:44

Cybersecurity company Trellix announced Wednesday that a known Python vulnerability puts 350,000 open-source projects and the applications that use them at risk of device takeover or malicious code execution.

It is unknown how many live applications utilize the tarfile module and no known exploitation of the vulnerability has occurred in the wild, said Doug McKee, a principal engineer and director of Vulnerability Research at Trellix.

Trellix Advanced Research Center researcher Kasimir Schulz, a vulnerability research intern at Trellix, helped find the issue while investigating an unrelated vulnerability.

Trellix is working to push code via GitHub pull request to protect open-source projects from the vulnerability.


News URL

https://www.techrepublic.com/article/open-source-python-vulnerability/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Python 24 2 52 74 31 159