Unpatched since 2007 The vulnerability is in the Python tarfile package, in code that uses un-sanitized tarfile.extract () function or the built-in defaults of tarfile.extractall ().

The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability.

Secure Execution: Ensures that untrusted Python code runs in a safe, isolated environment, protecting your system from potential threats. This is particularly important when working with external ...

This allows the Python code to be executed directly in a browser-based Excel add-in. PyScript is based on Pyodide, a project originally launched by Mozilla for Python applications in the browser.