Lucene search

K
cveMitreCVE-2007-4559
HistoryAug 28, 2007 - 1:17 a.m.

CVE-2007-4559

2007-08-2801:17:00
CWE-22
mitre
web.nvd.nist.gov
466
2
20
cve-2007-4559
directory traversal
remote attack
python
tarfile module
nvd
cve

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.093

Percentile

94.8%

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a … (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Affected configurations

Nvd
Node
pythonpythonRange<3.6.16
OR
pythonpythonRange3.7.0–3.8.17
OR
pythonpythonRange3.9.0–3.9.17
OR
pythonpythonRange3.10.0–3.10.12
OR
pythonpythonRange3.11.0–3.11.4
VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Social References

More

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.093

Percentile

94.8%