CVE-2007-4559 PoC — Python tarfile 模块路径遍历漏洞

Source

https://github.com/depers-rus/CVE-2007-4559

Associated Vulnerability

Title:Python tarfile 模块路径遍历漏洞 (CVE-2007-4559)
Description:Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python tarfile模块中的(1)extract和(2)extractall函数存在路径遍历漏洞，该漏洞允许用户辅助远程攻击者通过..TAR存档文件中文件名中的(dot dot)序列，该漏洞与CVE-2001-1267相关。

Readme

# PoC or Exploit for CVE-2007-4559
A malicious TAR archive can include file paths like ../../../../etc/passwd, which try to "climb up" out of the intended extraction folder.

If a Python script uses tarfile.extract() or extractall() without checking the file paths, it will unpack files to those locations — even if they point outside the target directory.

That means a hacker could overwrite sensitive or system files, especially if the user runs the script with elevated permissions.

# Vulnerable
As of 2025, both Debian 11–12 and Ubuntu 24 are still affected by this vulnerability. Other operating systems haven’t been tested, but these two are among the most widely used, so that alone is concerning. Even though this vulnerability dates back to 2007, it’s still present in LTS (long-term support) versions — and the vulnerable software isn’t patched automatically through a standard apt upgrade.

# Proof
![изображение](https://github.com/user-attachments/assets/0b5aaf01-0ecd-47bd-9f88-a71f8e23dec0)

File Snapshot


 [4.0K]  /data/pocs/3beb6ca03441136a885f372923f6ce7182b47cb0
├── [1.9K]  CVE-2007-4559-PoC.py
└── [1.0K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!