Trellix automates tackling open source vulnerabilities at scale

Cybersecurity firm Trellix has patched over 61,000 open-source projects vulnerable to a 15-year-old Python bug related to the tarfile module. The widespread security flaw was reportedly embedded in around 350,000 open-source projects and potentially numerous closed-source projects. Trellix and GitHub used an automated tool to patch the repositories containing the vulnerable code. The Python bug could allow “user-assisted remote attackers” to overwrite arbitrary files. Recent discussions suggest the vulnerability may soon be patched in Python itself.