vulnerability researcher in the Trellix Advanced Threat Research team The flaw stems from the fact that code in the extract function in Python's tarfile module explicitly trusts the information in ...