PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install ...

Unpatched since 2007 The vulnerability is in the Python tarfile package, in code that uses un-sanitized tarfile.extract () function or the built-in defaults of tarfile.extractall ().