#VU67583 Path traversal in Python - CVE-2007-4559

 

Published: September 22, 2022 / Updated: December 3, 2025


Vulnerability identifier: #VU67583
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2007-4559
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: Python
Software vendor: Python.org

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of filenames in the tarfile module in Python. A remote attacker can create a specially crafted archive with symbolic links inside or filenames that contain directory traversal characters (e.g. "..") and overwrite arbitrary files on the system.


Remediation

Install the update from the vendor's website.
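For code that must unpack untrusted archives, the check below rejects the member types named in the description (".." or absolute paths, and links whose target leaves the destination) before each member is written. It is an added example, not code from the advisory or from Python itself; `member_problem`, `safe_extract`, `build_sample_archive` and the sample archive contents are constructed for illustration.

```python
import io
import os
import tarfile


def member_problem(member, root):
    """Return why `member` would land outside `root`, or None if it is safe."""
    def escapes(path):
        # Resolve against the destination (following links already on disk).
        full = os.path.realpath(os.path.join(root, path))
        return os.path.commonpath([root, full]) != root

    if escapes(member.name):
        return "path escapes destination"
    if member.issym() or member.islnk():
        # Symlink targets are relative to the link's own directory,
        # hard-link targets to the archive root.
        base = os.path.dirname(member.name) if member.issym() else ""
        if escapes(os.path.join(base, member.linkname)):
            return "link target escapes destination"
    elif not (member.isfile() or member.isdir()):
        return "special file (device or FIFO)"
    return None


def safe_extract(tar, dest):
    """Extract safe members one at a time; return [(name, reason)] for the rest."""
    root = os.path.realpath(dest)
    rejected = []
    for member in tar.getmembers():
        reason = member_problem(member, root)
        if reason:
            rejected.append((member.name, reason))
        else:
            # Checked per member so links created earlier are resolved too.
            tar.extract(member, root)
    return rejected


def build_sample_archive():
    """Constructed sample: one benign file and three escaping entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../outside.txt", "/tmp/absolute.txt"):
            info = tarfile.TarInfo(name)
            info.size = 2
            tar.addfile(info, io.BytesIO(b"hi"))
        link = tarfile.TarInfo("docs/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../etc"
        tar.addfile(link)
    buf.seek(0)
    return buf
```

On Python releases that include tarfile extraction filters (PEP 706), `tar.extractall(dest, filter="data")` performs comparable checks in the standard library.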

External links