http://bugzilla.opensuse.org/show_bug.cgi?id=1206141

Bug ID: 1206141
Summary: VUL-0: CVE-2022-44900: python-py7zr: directory traversal vulnerability in the SevenZipFile.extractall()
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
URL: https://smash.suse.de/issue/349934/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: code@bnavigator.de
Reporter: thomas.leroy@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2022-44900

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44900
https://www.cve.org/CVERecord?id=CVE-2022-44900
https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbe...
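
A pre-extraction check for callers of SevenZipFile.extractall() that cannot yet move off the affected versions, added here as an example; it is not code from py7zr or from this bug report. The function names `unsafe_members` and `extract_checked` and the sample member names are hypothetical, and the check covers member names only, not symlink entries stored inside the archive.

```python
import ntpath
import os

# Constructed sample member names, as an archive listing might return them.
SAMPLE_NAMES = [
    "docs/readme.txt",
    "a/../b.txt",
    "../../etc/cron.d/job",
    "docs/../../escape.txt",
    "/etc/passwd",
    "..\\..\\evil.txt",
    "C:/Windows/x.ini",
]


def unsafe_members(names, dest):
    """Return the member names that would land outside dest when extracted."""
    root = os.path.realpath(dest)
    bad = []
    for name in names:
        # Treat backslashes as separators: the archive may come from Windows.
        normalized = name.replace("\\", "/")
        # Absolute paths and drive/UNC prefixes never belong in a member name.
        rooted = normalized.startswith("/") or bool(ntpath.splitdrive(normalized)[0])
        # realpath collapses ".." and follows symlinks already present under dest.
        target = os.path.realpath(os.path.join(root, normalized))
        escapes = os.path.commonpath([root, target]) != root
        if rooted or escapes:
            bad.append(name)
    return bad


def extract_checked(archive_path, dest):
    """Extract a 7z archive only if every member name stays under dest."""
    import py7zr  # third-party; imported here so the check runs without it

    with py7zr.SevenZipFile(archive_path, mode="r") as archive:
        bad = unsafe_members(archive.getnames(), dest)
        if bad:
            raise ValueError(f"refusing to extract, members escape {dest!r}: {bad}")
        archive.extractall(path=dest)


if __name__ == "__main__":
    for member in unsafe_members(SAMPLE_NAMES, "/srv/unpack"):
        print("rejected:", member)
```
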