Headline
GHSA-f33p-9287-h552: Directory traversal in mat2
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows …/ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
Directory traversal in mat2
Moderate severity GitHub Reviewed Published Jul 12, 2022 • Updated Jul 12, 2022
Related news
CVE-2022-35410: Prevent arbitrary file read via zip archives (beebca4b) · Commits · jvoisin / mat2 · GitLab
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.