Description
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Remediation
References
Related Vulnerabilities
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4901)
WordPress Plugin Woocommerce Categories in gallery format Cross-Site Scripting (1.0.1)
WordPress Plugin WP Social Feed Gallery Unspecified Vulnerability (2.1.1)
WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (10.0)