{"id":"PYSEC-2022-42998","details":"A directory traversal vulnerability in the SevenZipFile.extractall() function of the Python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files when a crafted 7z file is extracted.","aliases":["CVE-2022-44900","GHSA-m8xw-9x5x-6vh3"],"modified":"2023-11-08T04:10:49.215802Z","published":"2022-12-06T20:15:00Z","references":[{"type":"FIX","url":"https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/170127/py7zr-0.20.0-Directory-Traversal.html"},{"type":"WEB","url":"https://lessonsec.com/cve/cve-2022-44900/"}],"affected":[{"package":{"name":"py7zr","ecosystem":"PyPI","purl":"pkg:pypi/py7zr"},"ranges":[{"type":"GIT","repo":"https://github.com/miurahr/py7zr","events":[{"introduced":"0"},{"fixed":"1bb43f17515c7f69673a1c88ab9cc72a7bbef406"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20.1"}]}],"versions":["0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.10.0","0.10.0a1","0.10.0a2","0.10.0a3","0.10.0a4","0.10.0a5","0.10.0a6","0.10.0b1","0.10.0b3","0.10.1","0.10.2","0.11.0","0.11.0a1","0.11.0b1","0.11.0b2","0.11.0b3","0.11.1","0.11.2","0.11.3","0.12.0","0.13.0","0.13.1","0.14.0","0.14.1","0.15.0","0.15.1","0.15.2","0.16.0","0.16.1","0.16.2","0.16.3","0.16.4","0.17.0","0.17.1","0.17.2","0.17.3","0.17.4","0.18.0","0.18.1","0.18.10","0.18.11","0.18.12","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.18.9","0.19.0","0.19.1","0.19.2","0.2.0","0.20.0","0.3","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.4","0.4.1","0.4.3","0.4.4","0.4a1","0.4a2","0.4b1","0.5","0.5.2","0.5.3","0.5.4","0.5.5","0.5a3","0.5a4","0.5b1","0.5b2","0.5b3","0.5b4","0.5b5","0.5b6","0.5rc2","0.5rc3","0.6","0.6a1","0.6a2","0.6b1","0.6b2","0.6b3","0.6b4","0.6b5","0.6b6","0.6b7","0.6b8","0.6rc0","0.7.0","0.7.0b1","0.7.0b2","0.7.0b3","0.7.1","0.7.2","0.7.3","0.7.4","0.8.0","0.8.0a1","0.8.0a2","0.8
.0a3","0.8.0b1","0.8.0b2","0.8.0b3","0.8.0b4","0.8.0b5","0.8.0b6","0.8.0b7","0.8.0b8","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.9.0","0.9.0a1","0.9.0a2","0.9.0b1","0.9.0b2","0.9.0b3","0.9.1","0.9.10","0.9.2","0.9.3","0.9.4","0.9.5","0.9.7","0.9.8","0.9.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/py7zr/PYSEC-2022-42998.yaml"}}],"schema_version":"1.7.3"}