CVE-2022-44900

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-44900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-44900
Aliases
Related
Published
2022-12-06T20:15:10Z
Modified
2024-08-01T06:21:22.771436Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

A directory traversal vulnerability in the SevenZipFile.extractall() function of the Python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files when a crafted 7z file is extracted.

References

Affected packages

Git / github.com/miurahr/py7zr

Affected ranges

Type
GIT
Repo
https://github.com/miurahr/py7zr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.10.0a1
v0.10.1
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.12.0
v0.13.0
v0.14.0
v0.14.1
v0.15.0
v0.15.1
v0.15.2
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.17.4
v0.18.0
v0.18.1
v0.18.10
v0.18.3
v0.18.4
v0.18.5
v0.18.6
v0.18.7
v0.18.9
v0.19.0
v0.2.0
v0.20.0
v0.3
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.4a1
v0.4a2
v0.4b1
v0.5a1
v0.5a2
v0.5a3
v0.5a4
v0.5b1
v0.5b2
v0.5b3
v0.5b4
v0.5b5
v0.5b6
v0.6
v0.6a1
v0.6a2
v0.6b1
v0.6b2
v0.6b3
v0.6b4
v0.6b5
v0.6b6
v0.6b7
v0.6b8
v0.6rc
v0.7.0
v0.7.0b1
v0.7.0b2
v0.7.0b3
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.0a1
v0.8.0a2
v0.8.0a3
v0.8.0b1
v0.8.0b2
v0.8.0b3
v0.8.0b4
v0.8.0b5
v0.8.0b6
v0.8.0b7
v0.8.0b8
v0.9.0
v0.9.0a1
v0.9.0a2
v0.9.0b1
v0.9.0b2
v0.9.0b3
v0.9.1
v0.9.2