Python, the popular high-level, general-purpose programming language, is designed to emphasize code readability with the use of significant indentation.
But it's more than just that, because Python that is dynamically-typed and garbage-collected, has an intuitive syntax, basic control flow, and data structures. It also allows multiple programming paradigms, including structured (particularly procedural), object-oriented and functional programming.
What's more, it also supports interpretive run-time, without standard compiler languages.
While Python has a standard library in development, it has libraries like TensorFlow, Keras, Pytorch, and Scikit-learn. As a scripting language with a modular architecture, simple syntax, and rich text processing tools,
All of these make Python especially useful for prototyping algorithms for AI.
And this time, a serious flaw has been found, with the possibility of affecting the overall AI industry.

According to report, a vulnerability found in the Python tarfile module, which is a default module in any project using Python.
Because of this, it's like saying all frameworks created by Google, Meta (Facebook), Amazon's AWS, Netflix, and much more are made vulnerable because of this particular Python bug.
The vulnerability can be exploited by uploading a specially crafted malicious file generated with only a few lines of simple code.
This can allow attackers arbitrary code execution, or control of a target device.
“When we talk about supply chain threats, we typically refer to cyber-attacks like the SolarWinds incident, however building on top of weak code-foundations can have an equally severe impact,” said Christiaan Beek, Head of Adversarial & Vulnerability Research, Trellix. “This vulnerability’s pervasiveness is furthered by industry tutorials and online materials propagating its incorrect usage. It’s critical for developers to be educated on all layers of the technology stack to properly prevent the reintroduction of past attack surfaces.”
"Initially we thought we had found a new zero-day vulnerability. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the '..' sequence to filenames in a TAR archive.," the report said.
In other words, the bug has been around for at least 15 years.
"Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write," Trellix explained.
According to Trellix, the vulnerability is estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects.
In the world where software development is speeding up, open-source developer tools can be considered a godsend.
These tools can speed up, and even help advance computing and innovation, and protection from known vulnerabilities requires industry collaboration.
Because the Python programming language is so crucial to the industry, and that the bug is affecting far too many open-source projects, researchers are working to push an update via GitHub pull request to protect open-source projects from the vulnerability.
A free tool for developers to check if their applications are vulnerable is already made available on GitHub, and the complete research is available at Trellix.














































































































































































































































































































































































