cognitive cybersecurity intelligence


Trellix automates tackling open source vulnerabilities at scale

Cybersecurity firm Trellix has patched over 61,000 open-source projects vulnerable to a 15-year-old Python bug in the standard library's tarfile module (CVE-2007-4559). The flaw was reportedly embedded in around 350,000 open-source projects and potentially many closed-source ones. Trellix and GitHub used an automated tool to push fixes to the repositories containing the vulnerable code. The bug lets "user-assisted remote attackers" overwrite arbitrary files: extracting an untrusted archive with `extractall()` or `extract()` writes each member to whatever path its name specifies, so a crafted archive whose member names contain `..` segments or absolute paths escapes the intended destination directory. Recent discussions suggest the vulnerability may soon be patched in Python itself.
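The pattern below is an added illustration, not code from Trellix, GitHub or the Python project. It builds a constructed archive in memory with two members that escape the extraction root (one via `..`, one via an absolute path), shows the check that the vulnerable `tar.extractall(path)` call never performs, and wraps it in a hand-written `safe_extract` helper (the helper and member names are this example's own assumptions, not a standard-library API).

```python
"""Added example: the tarfile path-traversal flaw (CVE-2007-4559) and a check.

Everything here is constructed for illustration: the archives are built in
memory and `safe_extract` is a hand-written helper, not code from Trellix,
GitHub or the Python project.  Python 3.12+ also ships a built-in fix,
tarfile's ``filter="data"`` argument (PEP 706), which is used when present.
"""
import io
import os
import tarfile
import tempfile

# Constructed sample members: one benign file plus two that escape the
# extraction root (relative '..' traversal and an absolute path).
MALICIOUS_MEMBERS = {
    "docs/readme.txt": b"hello\n",
    "../../escaped.txt": b"owned via dot-dot\n",
    "/etc/cron.d/escaped": b"owned via absolute path\n",
}
BENIGN_MEMBERS = {"docs/readme.txt": b"hello\n"}


def build_tar(members: dict[str, bytes]) -> bytes:
    """Build a tar archive in memory from {name: content} (nothing touches disk).

    TarInfo names are stored verbatim, so '..' and leading '/' survive.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def is_within_directory(directory: str, target: str) -> bool:
    """True if `target`, after resolving '..' and symlinks, stays under `directory`."""
    abs_dir = os.path.realpath(directory)
    abs_target = os.path.realpath(target)
    return os.path.commonpath([abs_dir, abs_target]) == abs_dir


def traversal_members(data: bytes, root: str) -> list[str]:
    """Names of members that would be written outside `root`.

    This is exactly the check the vulnerable pattern `tar.extractall(root)`
    skips on Python < 3.12 (and on 3.12/3.13 unless a filter is given): the
    member name is joined to the destination and written as-is.
    """
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar.getmembers():
            # os.path.join discards `root` entirely when the name is absolute,
            # which is why absolute member names are a second attack variant.
            dest = os.path.join(root, member.name)
            if not is_within_directory(root, dest):
                bad.append(member.name)
    return bad


def safe_extract(data: bytes, root: str) -> list[str]:
    """Hardened counterpart of `tar.extractall(root)`.

    Refuses the whole archive if any member escapes `root`; otherwise extracts
    (with the built-in data filter where the interpreter provides it) and
    returns the member names that were written.
    """
    bad = traversal_members(data, root)
    if bad:
        raise ValueError(f"refusing to extract: members escape {root}: {bad}")
    # tarfile.data_filter exists from Python 3.12 on; older interpreters get
    # only the name check above.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        tar.extractall(root, **kwargs)
        return [m.name for m in tar.getmembers()]


def demo() -> dict:
    """Run both constructed archives against a fresh temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        flagged = traversal_members(build_tar(MALICIOUS_MEMBERS), root)
        try:
            safe_extract(build_tar(MALICIOUS_MEMBERS), root)
            refused = False
        except ValueError:
            refused = True
        written = safe_extract(build_tar(BENIGN_MEMBERS), root)
        on_disk = os.path.isfile(os.path.join(root, "docs", "readme.txt"))
    return {"flagged": sorted(flagged), "refused": refused,
            "written": written, "on_disk": on_disk}


if __name__ == "__main__":
    print(demo())
```

The name-based check covers the two variants the advisory describes (`..` segments and absolute paths) but not a symlink member that points outside the root followed by a member written through it; the `filter="data"` argument available from Python 3.12 rejects that case as well, which is why the helper passes it whenever the interpreter supports it.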

Source: portswigger.net

