Unpatched since 2007 The vulnerability is in the Python tarfile package, in code that uses un-sanitized tarfile.extract () function or the built-in defaults of tarfile.extractall ().

Secure Execution: Ensures that untrusted Python code runs in a safe, isolated environment, protecting your system from potential threats. This is particularly important when working with external ...

The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability.

Given that it is pure python code execution, an attacker doesn’t have to worry about ASLR, Non-Exec Memory, Stack Canaries and other security features that Ubuntu ships by default.