PYSEC-2022-42998
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/py7zr/PYSEC-2022-42998.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2022-42998
- Aliases
- Published
- 2022-12-06T20:15:00Z
- Modified
- 2023-11-08T04:10:49.215802Z
- Summary
- [none]
- Details
-
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
- References
Affected packages
PyPI / py7zr
Package
- Name
- py7zr
- View open source insights on deps.dev
- Purl
- pkg:pypi/py7zr
Affected ranges
- Type
- GIT
- Repo
- https://github.com/miurahr/py7zr
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.20.1
Affected versions
0.*
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.2.0
0.3
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.4a1
0.4a2
0.4b1
0.4
0.4.1
0.4.3
0.4.4
0.5a3
0.5a4
0.5b1
0.5b2
0.5b3
0.5b4
0.5b5
0.5b6
0.5rc2
0.5rc3
0.5
0.5.2
0.5.3
0.5.4
0.5.5
0.6a1
0.6a2
0.6b1
0.6b2
0.6b3
0.6b4
0.6b5
0.6b6
0.6b7
0.6b8
0.6rc0
0.6
0.7.0b1
0.7.0b2
0.7.0b3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0a1
0.8.0a2
0.8.0a3
0.8.0b1
0.8.0b2
0.8.0b3
0.8.0b4
0.8.0b5
0.8.0b6
0.8.0b7
0.8.0b8
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.9.0a1
0.9.0a2
0.9.0b1
0.9.0b2
0.9.0b3
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.7
0.9.8
0.9.9
0.9.10
0.10.0a1
0.10.0a2
0.10.0a3
0.10.0a4
0.10.0a5
0.10.0a6
0.10.0b1
0.10.0b3
0.10.0
0.10.1
0.10.2
0.11.0a1
0.11.0b1
0.11.0b2
0.11.0b3
0.11.0
0.11.1
0.11.2
0.11.3
0.12.0
0.13.0
0.13.1
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.18.0
0.18.1
0.18.3
0.18.4
0.18.5
0.18.6
0.18.7
0.18.9
0.18.10
0.18.11
0.18.12
0.19.0
0.19.1
0.19.2
0.20.0