PyPi: Py7zr

CVE-2022-44900

Safety vulnerability ID: 52349

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 06, 2022 Updated at Aug 08, 2024

Scan your Python projects for vulnerabilities →

Advisory

Py7zr 0.20.1 includes a fix for CVE-2022-44900: A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

Affected package

py7zr

Latest version: 0.22.0

Pure python 7-zip library

Affected versions

Fixed versions

Vulnerability changelog

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. See CVE-2022-44900.

MISC:https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406: https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.1

CVSS v3 Details

CRITICAL 9.1

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): NONE