7 matches found

RedhatCVE
added 2025/05/23 12:15 a.m. · 5 views

CVE-2022-44900

A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...

CVSS 9.1 · AI score 6.8 · EPSS 0.02242
Exploits: 3 · References: 1
Ubuntu
added 2024/09/24 8:8 a.m. · 11 views

USN-7030-1: py7zr vulnerability

It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host...

CVSS 9.1 · AI score 8.2 · EPSS 0.02242
Exploits: 3
vulnersOsv
added 2022/12/06 9:30 p.m. · 4 views

aqtinstall (=0.9.8), brevettiai (>=0.5.4 <=0.8.5) +19 more potentially affected by CVE-2022-44900 via py7zr (>=0.10.2 <=0.18.5)

py7zr PYPI version =0.10.2, =0.5.4, =0.1.0, =1.1.1.dev1, =1.2.0, =1.1.6, =0.1.0, =1.0.0, =1.1.1, =0.2.6, =2.0.0, =0.2.8, =4.6.0.dev1 and more Source cves: CVE-2022-44900 Source advisory: OSV:GHSA-M8XW-9X5X-6VH3...

CVSS 9.1 · AI score 7.7 · EPSS 0.02242
Exploits: 3
vulnersOsv
added 2022/12/06 8:15 p.m. · 2 views

aqtinstall (=0.9.8), brevettiai (>=0.5.4 <=0.8.5) +19 more potentially affected by CVE-2022-44900 via py7zr (>=0.10.2 <=0.18.5)

py7zr PYPI version =0.10.2, =0.5.4, =0.1.0, =1.1.1.dev1, =1.2.0, =1.1.6, =0.1.0, =1.0.0, =1.1.1, =0.2.6, =2.0.0, =0.2.8, =4.6.0.dev1 and more Source cves: CVE-2022-44900 Source advisory: OSV:PYSEC-2022-42998...

CVSS 9.1 · AI score 7.2 · EPSS 0.02242
Exploits: 3
Vulnrichment
added 2022/12/06 12:0 a.m. · 4 views

CVE-2022-44900

A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...

AI score 6.7 · EPSS 0.02242
Exploits: 3 · References: 3
Positive Technologies
added 2022/12/06 12:0 a.m. · 5 views

PT-2022-27330 · Py7Zr +2

Name of the Vulnerable Software and Affected Versions: py7zr versions 0.20.0 and earlier Description: A directory traversal issue in the SevenZipFile.extractall function allows attackers to write arbitrary files by extracting a crafted 7z file. Recommendations: For py7zr versions 0.20.0 and...

CVSS 9.3 · AI score 9 · EPSS 0.02242
Exploits: 3 · References: 26
CNNVD
added 2022/12/06 12:0 a.m. · 4 views

py7zr path traversal vulnerability

py7zr is a library and utility program by the individual developer Hiroshi Miura. It supports compression, decompression, encryption and decryption of 7zip archives written in the Python programming language. A security vulnerability exists in py7zr version v0.20.0 and earlier versions. An attack...

CVSS 9.1 · AI score 8.4 · EPSS 0.02242
Exploits: 3 · References: 7