Tarfile: The 15 Years Old Critical Python Vulnerability Affects More Than 350,000 Projects

A critical security vulnerability has been identified in Python that has gone unpatched for 15 years, leaving more than 350,000 open source projects vulnerable to attack.

The vulnerability, tracked as CVE-2007-4559, exists in Python's “tarfile” module, which is widely used in frameworks created by Netflix, AWS, Intel, Facebook, and Google, and in applications used for machine learning, automation, and Docker containerization. The tarfile module makes it possible to read and write tar archives, including gzip, bz2 and lzma compressed files. A successful exploit allows threat actors to execute arbitrary code on the vulnerable system or take control of a target system.

There is no update or mitigation suggestion to fix the vulnerability, so thousands of Python projects remain exposed to it. In this context, it is recommended to follow any updates published regarding the vulnerability regularly and to apply them immediately once they are available.
