CVE-2019-20907 - log

CVE-2019-20907 edited at 26 Mar 2021 17:33:10
Severity
- Medium
+ Low
CVE-2019-20907 edited at 26 Mar 2021 17:31:58
Severity
- Low
+ Medium
Remote
- Local
+ Remote
CVE-2019-20907 edited at 21 Feb 2021 11:01:33
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
References
+ https://bugs.python.org/issue39017
+ https://github.com/python/cpython/pull/21454
+ https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4
CVE-2019-20907 created at 21 Feb 2021 10:59:50
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes