---

CVE-2019-20907 - log back

CVE-2019-20907 edited at 26 Mar 2021 17:33:10
Severity	- Medium + Low

CVE-2019-20907 edited at 26 Mar 2021 17:31:58
Severity	- Low + Medium
Remote	- Local + Remote

CVE-2019-20907 edited at 21 Feb 2021 11:01:33
Severity	- Unknown + Low
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
References	+ https://bugs.python.org/issue39017 + https://github.com/python/cpython/pull/21454 + https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4

CVE-2019-20907 created at 21 Feb 2021 10:59:50
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes