GHSA-m8xw-9x5x-6vh3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m8xw-9x5x-6vh3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-m8xw-9x5x-6vh3/GHSA-m8xw-9x5x-6vh3.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-m8xw-9x5x-6vh3
- Aliases
- Published
- 2022-12-06T21:30:45Z
- Modified
- 2024-10-18T22:23:21.071814Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- py7zr directory traversal vulnerability
- Details
-
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
- Database specific
{ "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2022-12-06T22:34:58Z", "severity": "CRITICAL", "nvd_published_at": "2022-12-06T20:15:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-44900
- https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406
- https://advisory-inbox.githubapp.com/advisory_reviews/GHSA-m8xw-9x5x-6vh3
- https://github.com/miurahr/py7zr
- https://github.com/pypa/advisory-database/tree/main/vulns/py7zr/PYSEC-2022-42998.yaml
- https://lessonsec.com/cve/cve-2022-44900
- http://packetstormsecurity.com/files/170127/py7zr-0.20.0-Directory-Traversal.html
Affected packages
PyPI / py7zr
Package
- Name
- py7zr
- View open source insights on deps.dev
- Purl
- pkg:pypi/py7zr
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.20.1
Affected versions
0.*
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.2.0
0.3
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.4a1
0.4a2
0.4b1
0.4
0.4.1
0.4.3
0.4.4
0.5a3
0.5a4
0.5b1
0.5b2
0.5b3
0.5b4
0.5b5
0.5b6
0.5rc2
0.5rc3
0.5
0.5.2
0.5.3
0.5.4
0.5.5
0.6a1
0.6a2
0.6b1
0.6b2
0.6b3
0.6b4
0.6b5
0.6b6
0.6b7
0.6b8
0.6rc0
0.6
0.7.0b1
0.7.0b2
0.7.0b3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0a1
0.8.0a2
0.8.0a3
0.8.0b1
0.8.0b2
0.8.0b3
0.8.0b4
0.8.0b5
0.8.0b6
0.8.0b7
0.8.0b8
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.9.0a1
0.9.0a2
0.9.0b1
0.9.0b2
0.9.0b3
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.7
0.9.8
0.9.9
0.9.10
0.10.0a1
0.10.0a2
0.10.0a3
0.10.0a4
0.10.0a5
0.10.0a6
0.10.0b1
0.10.0b3
0.10.0
0.10.1
0.10.2
0.11.0a1
0.11.0b1
0.11.0b2
0.11.0b3
0.11.0
0.11.1
0.11.2
0.11.3
0.12.0
0.13.0
0.13.1
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.18.0
0.18.1
0.18.3
0.18.4
0.18.5
0.18.6
0.18.7
0.18.9
0.18.10
0.18.11
0.18.12
0.19.0
0.19.1
0.19.2
0.20.0