{"id":"CVE-2022-44900","details":"A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.","aliases":["GHSA-m8xw-9x5x-6vh3","PYSEC-2022-42998"],"modified":"2026-04-10T04:52:34.496973Z","published":"2022-12-06T20:15:10.560Z","related":["openSUSE-SU-2024:12586-1","openSUSE-SU-2025:15101-1"],"references":[{"type":"FIX","url":"https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406"},{"type":"EVIDENCE","url":"https://lessonsec.com/cve/cve-2022-44900/"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/170127/py7zr-0.20.0-Directory-Traversal.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miurahr/py7zr","events":[{"introduced":"0"},{"fixed":"3b83939d76f06f15b211ebc56493ec3d6e1bb167"},{"fixed":"1bb43f17515c7f69673a1c88ab9cc72a7bbef406"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.20.1"}]}}],"versions":["v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.8","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.10.0a1","v0.10.1","v0.11.0","v0.11.1","v0.11.2","v0.11.3","v0.12.0","v0.13.0","v0.14.0","v0.14.1","v0.15.0","v0.15.1","v0.15.2","v0.16.0","v0.16.1","v0.16.2","v0.16.3","v0.16.4","v0.17.0","v0.17.1","v0.17.2","v0.17.3","v0.17.4","v0.18.0","v0.18.1","v0.18.3","v0.18.4","v0.18.5","v0.18.6","v0.18.7","v0.18.9","v0.2.0","v0.20.0","v0.3","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.4a1","v0.4a2","v0.4b1","v0.5a1","v0.5a2","v0.5a3","v0.5a4","v0.5b1","v0.5b2","v0.5b3","v0.5b4","v0.5b5","v0.5b6","v0.6","v0.6a1","v0.6a2","v0.6b1","v0.6b2","v0.6b3","v0.6b4","v0.6b5","v0.6b6","v0.6b7","v0.6b8","v0.6rc","v0.7.0","v0.7.0b1","v0.7.0b2","v0.7.0b3","v0.7.1","v0.7.2","v0.7.3","v0.8.0","v0.8.0a1","v0.8.0a2","v0.8.0a3","v0.8.0b1","v0.8.0b2","v0.8.0b3","v0.8.0b4","v0.8.0b5","v0.8.0b6","v0.8.0b7","v0.8.0b8","v0.9.0","v0.9.0a1","v0.9.0a2","v0.9.0b1","v0.9.0b2","v0.9.0b3","v0.9.1","v0.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44900.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}