News

PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the remote code execution (RCE) vulnerability that's tracked as CVE-2021-3177.
The vulnerability is in the Python tarfile package, in code that calls the tarfile.extract() function on unsanitized input or relies on the built-in defaults of tarfile.extractall(). It is a path traversal bug that ...
Trellix is working to push code via GitHub pull request to protect open-source projects from the vulnerability. Trellix currently has patches available for 11,005 repositories ready for pull requests.
Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software. Attackers who are targeting open-source package repositories ...
It turns out, the ipaddress standard library introduced in Python 3.3 is also impacted by this vulnerability, as disclosed this week by Victor Viale, Sick Codes, Kelly Kaoudis, John Jackson, and ...
A high-severity vulnerability in GitHub Enterprise Server could have allowed remote attackers to execute arbitrary code.
CVE-2021-38305 allows attackers to bypass existing protections and run arbitrary Python code by manipulating the schema file provided as input to Yamale, according to the JFrog security research team.
This vulnerability results in Remote Code Execution by logging a certain string. Considering the ubiquitousness of the library, ...
December release of Python VS Code now available.
All applications and open-source projects using the Python tarfile module are potentially vulnerable, according to cybersecurity company Trellix. Currently, 350,000 open-source projects and ...