{"id":"CVE-2022-48579","details":"UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.","modified":"2026-03-14T12:00:40.763458Z","published":"2023-08-07T04:15:12.073Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html"},{"type":"FIX","url":"https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pmachapman/unrar","events":[{"introduced":"0"},{"fixed":"2ecab6bb5ac4f3b88f270218445496662020205f"}]},{"type":"GIT","repo":"https://github.com/pmachapman/unrar","events":[{"introduced":"0"},{"fixed":"2ecab6bb5ac4f3b88f270218445496662020205f"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"6.2.3"}]},{"events":[{"introduced":"0"},{"fixed":"6.2.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48579.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}