“The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive”, said Trellix security researcher Kasimir Schulz.
Upon the successful exploitation of the vulnerability, an attacker can gain code execution from the file write.
The Tarfile Vulnerability
Reports say tarfiles are a collection of multiple different files and metadata which is later used to unarchive the tarfile. In this case, attackers can exploit the flaw by uploading a malicious tarfile which make it possible to escape the directory that a file is intended to be extracted to and achieve code execution.
“An attacker to take advantage of this vulnerability they need to add “..” with the separator for the operating system (“/” or “”) into the file name to escape the directory the file is supposed to be extracted to”, Trellix
Vulnerability is Incredibly Easy to Exploit
Researchers say this vulnerability is easy to exploit, doesn’t need much knowledge about complicated security. As a result Python’s tarfile module has become a very big supply chain issue frightening infrastructure around the world.