EPSS
Percentile
84.0%
py7zr is vulnerable to directory traversal. The vulnerability exists in the SevenZipFile.extractall() function of py7zr.py due to a lack of sanity checks in paths which allows an attacker to traverse through the file system.
SevenZipFile.extractall()
py7zr.py
packetstormsecurity.com/files/170127/py7zr-0.20.0-Directory-Traversal.html
github.com/advisories/GHSA-m8xw-9x5x-6vh3
github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406
github.com/miurahr/py7zr/pull/480
lessonsec.com/cve/cve-2022-44900/