{"id":146886,"date":"2022-09-23T19:22:46","date_gmt":"2022-09-24T00:22:46","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/09\/15-year-old-unpatched-python-vulnerability-potentially-affects-over-350000-projects"},"modified":"2022-09-23T19:22:46","modified_gmt":"2022-09-24T00:22:46","slug":"15-year-old-unpatched-python-vulnerability-potentially-affects-over-350000-projects","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/09\/15-year-old-unpatched-python-vulnerability-potentially-affects-over-350000-projects","title":{"rendered":"15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects"},"content":{"rendered":"<p><\/p>\n<p><iframe style=\"display: block; margin: 0 auto; width: 100%; aspect-ratio: 4\/3; object-fit: contain;\" src=\"https:\/\/www.youtube.com\/embed\/bpVmMlUgPJM?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope;\n   picture-in-picture\" allowfullscreen><\/iframe><\/p>\n<p>As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years.<\/p>\n<p>The open source repositories span a number of industry verticals, such as software development, artificial intelligence\/machine learning, web development, media, security, and IT management.<\/p>\n<p>The shortcoming, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2007-4559\" rel=\"noopener\" target=\"_blank\">CVE-2007-4559<\/a> (CVSS score: 6.8), is rooted in the tarfile module, successful exploitation of which could lead to code execution from an arbitrary file write.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. 
The open source repositories span a number of industry verticals, such as software development, artificial intelligence\/machine learning, web development, media, security, and [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,1492],"tags":[],"class_list":["post-146886","post","type-post","status-publish","format-standard","hentry","category-robotics-ai","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/146886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=146886"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/146886\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=146886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=146886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=146886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}