Exploit for Path Traversal in Python

CVE-2007-4559 — TarSlip: The 15-Year Directory Traversal...

python38:3.8 and python38-devel:3.8 security update

An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python3x-setuptools, module.python-wcwidth, module.python-ply, python-psycopg2, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy,...

RockyLinux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2023:7034)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7034 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...

RockyLinux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:7050)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7050 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...

SUSE: Security Advisory (SUSE-SU-2026:0210-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 8 : python3.11-pip-22.3.1-4.el8 (AXSA:2023-7138:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7138:02 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : python3-3.6.8-56.el8.ML.1 (AXSA:2023-7212:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7212:08 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : python-pip-21.2.3-7.el9 (AXSA:2023-6874:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6874:01 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : python-pip-9.0.3-23.el8 (AXSA:2023-7234:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7234:02 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : python3.9-3.9.18-1.el9 (AXSA:2023-6804:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6804:05 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : python3.11-pip-22.3.1-4.el9 (AXSA:2023-6924:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6924:01 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 7 : python3-3.6.8-21.0.4.el7.AXS7 (AXSA:2025-11000:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11000:05 advisory. CVE-2007-4559: implement PEP 706 a filter in the tarfile module to prevent directory traversal vulnerability CVEs: CVE-2007-4559 Directory traversal...

TencentOS Server 3: python3 (TSSA-2023:0299)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0299 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: python3.11-pip (TSSA-2023:0278)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0278 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Fedora: Security Advisory (FEDORA-2024-19882248ad)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Alibaba Cloud Linux 3 : 0272: python3.11-pip (ALINUX3-SA-2024:0272)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0272 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2007-4559: Directory traversal vulnerability in...

Alibaba Cloud Linux 3 : 0040: python3 (ALINUX3-SA-2024:0040)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0040 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2007-4559: Directory traversal...

Advisory ROSA-SA-2025-2825

Software: python-pip 9.0.3 OS: ROSA Virtualization 3.0 packageevrstring: python-pip-9.0.3-24.rv30 CVE-ID: CVE-2007-4559 BDU-ID: 2022-05975 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the extract and extractall functions of the tarfile module of the Python programming language interpreter is...

Amazon Linux 2 : python38-pip (ALASPYTHON3.8-2025-018)

The version of python38-pip installed on the remote host is prior to 21.0.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2025-018 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows...

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...