Lucene search
HistoryDec 06, 2022 - 8:15 p.m.
CVE-2022-44900
sevenzipfile.extractall function python library py7zr crafted 7z file arbitrary files vulnerability
.
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.008 Low
EPSS
Percentile
81.3%
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
Affected configurations
Node
py7zr_projectpy7zrRange<0.20.1python
Related
veracode
veracode
Directory Traversal
2022-12-08 10:56:43
osv
osv
CVE-2022-44900
2022-12-06 20:15:10
py7zr - security update
2024-04-02 00:00:00
PYSEC-2022-42998
2022-12-06 20:15:00
githubexploit
githubexploit
Exploit for Path Traversal in Py7Zr Project Py7Zr
2023-01-21 14:52:59
openvas
openvas
Debian: Security Advisory (DSA-5652-1)
2024-04-04 00:00:00
debiancve
debiancve
CVE-2022-44900
2022-12-06 20:15:10
ubuntucve
ubuntucve
CVE-2022-44900
2022-12-06 00:00:00
debian
debian
[SECURITY] [DSA 5652-1] py7zr security update
2024-04-02 18:01:49
cvelist
cvelist
CVE-2022-44900
2022-12-06 00:00:00
cve
cve
CVE-2022-44900
2022-12-06 20:15:10
prion
prion
Directory traversal
2022-12-06 20:15:00
zdt
zdt
py7zr 0.20.0 Directory Traversal Vulnerability
2022-12-07 00:00:00
nessus
nessus
Debian dsa-5652 : python-py7zr-doc - security update
2024-04-02 00:00:00
packetstorm
packetstorm
py7zr 0.20.0 Directory Traversal
2022-12-07 00:00:00
github
github
py7zr directory traversal vulnerability
2022-12-06 21:30:45
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.008 Low
EPSS
Percentile
81.3%
Related for NVD:CVE-2022-44900