Alert: 15-year-old Python tarfile Flaw Lurks in 'Over 350,000' Code Projects
Oh cool, a 5,500-day security hole
At least 350,000 open source projects are believed to be potentially vulnerable to exploitation via a Python module flaw that has remained unfixed for 15 years.
On Tuesday, security firm Trellix said its threat researchers had encountered a vulnerability in Python's tarfile module, which provides a way to read and write compressed bundles of files known as tar archives. Initially, the bug hunters thought they'd chanced upon a zero-day.