CVE-2007-4559 — Path Traversal in Python
Severity
9.8CRITICALNVD
OSV2.1
EPSS
90.6%
top 0.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 28
Latest updateApr 8
Description
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages7 packages
🔴Vulnerability Details
6OSV▶
pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass↗2026-04-08
GHSA▶
pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass↗2026-04-08
GHSA▶
GHSA-gw9q-c7gh-j9vm: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attacker↗2022-05-01