Unpatched since 2007 The vulnerability is in the Python tarfile package, in code that uses un-sanitized tarfile.extract () function or the built-in defaults of tarfile.extractall ().

But it's a widely known fact that, if you want code to run in a browser, Python is simply no good – you'll just have to turn to JavaScript," it notes. "Now, however, that may be about to change." ...

Developed internally at Google in a hackaton last October, Atheris supports fuzzing Python code written in Python 2.7 and Python 3.3+, but also native extensions created with CPython.

My 10-year-old spends up to 5 hours a week learning to code. Here are the best resources I've found to help him get ahead in his future career.