Launchpad CVE tracker

CVE 2007-4559

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Related bugs and status

CVE-2007-4559 (Candidate) is related to these bugs:

Bug #1990432: Potential path traversal vulnerability through python tarfile.extractall in Kolla

		In	Importance	Status
1990432	Potential path traversal vulnerability through python tarfile.extractall in Kolla	kolla	Medium	Fix Released
1990432	Potential path traversal vulnerability through python tarfile.extractall in Kolla	kolla wallaby	Undecided	Fix Released
1990432	Potential path traversal vulnerability through python tarfile.extractall in Kolla	kolla antelope	Medium	Fix Released
1990432	Potential path traversal vulnerability through python tarfile.extractall in Kolla	kolla zed	Undecided	Fix Released
1990432	Potential path traversal vulnerability through python tarfile.extractall in Kolla	kolla xena	Undecided	Fix Released
1990432	Potential path traversal vulnerability through python tarfile.extractall in Kolla	kolla yoga	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-4559

References