Lucene search

K

GoogleOSV:GHSA-M8XW-9X5X-6VH3

HistoryDec 06, 2022 - 9:30 p.m.

py7zr directory traversal vulnerability

2022-12-0621:30:45

Google

osv.dev

11

sevenzipfile.extractall

python library

directory traversal

vulnerability

arbitrary files

7z file

software

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.008 Low

EPSS

Percentile

81.3%

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

CPENameOperatorVersion
py7zreq0.15.1
py7zreq0.18.12
py7zreq0.7.0
py7zreq0.17.4
py7zreq0.11.0b2
py7zreq0.20.0
py7zreq0.11.0b1
py7zreq0.6b6
py7zreq0.7.4
py7zreq0.9.0

Rows per page:

1-10 of 1461

References

packetstormsecurity.com/files/170127/py7zr-0.20.0-Directory-Traversal.html

advisory-inbox.githubapp.com/advisory_reviews/GHSA-m8xw-9x5x-6vh3

github.com/miurahr/py7zr

github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406

lessonsec.com/cve/cve-2022-44900

nvd.nist.gov/vuln/detail/CVE-2022-44900

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.008 Low

EPSS

Percentile

81.3%

Related for OSV:GHSA-M8XW-9X5X-6VH3

githubexploit1 osv3 veracode1 openvas1 nvd1 debiancve1 ubuntucve1 debian1 cvelist1 cve1 prion1 zdt1 nessus1 packetstorm1 github1