CVE-2019-20907 log

Source
Severity Low
Remote No
Type Denial of service
Description
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
Group Package Affected Fixed Severity Status Ticket
AVG-1597 python2 2.7.18-2 Medium Vulnerable FS#68063
References
https://bugs.python.org/issue39017
https://github.com/python/cpython/pull/21454
https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4