1. Home
  2. Vulnerabilities
  3. CVE-2022-44900

CVE-2022-44900

CVSS v3.1 9.1 (Critical)
91% Progress
EPSS 1.01 % (84th)
1.01% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2022-12-06 20:15:10
(21 months ago)
Updated Date
2022-12-09 14:28:53
(21 months ago)

Affected Products

Py7zr Project

Configuration #1

    CPE23 From Up To
  Py7zr Project Py7zr for Python prior 0.20.1 version cpe:2.3:a:py7zr_project:py7zr::*:*:*:*:python < 0.20.1