Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-m8xw-9x5x-6vh3: py7zr directory traversal vulnerability

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

ghsa
#vulnerability#git

py7zr directory traversal vulnerability

High severity GitHub Reviewed Published Dec 6, 2022 • Updated Dec 6, 2022

Related news

Ubuntu Security Notice USN-7030-1

Ubuntu Security Notice 7030-1 - It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host.

Debian Security Advisory 5652-1

Debian Linux Security Advisory 5652-1 - A directory traversal vulnerability was discovered in py7zr, a library and command-line utility to process 7zip archives.

py7zr 0.20.0 Directory Traversal

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr versions 0.20.0 and earlier allows attackers to read arbitrary files on the local machine via a malicious 7z file extraction.

CVE-2022-44900: Fix sanity check for path traversal attack · miurahr/py7zr@1bb43f1

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP