cve/2022/CVE-2022-44900.md

CVE-2022-44900

Description

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

POC

Reference

• http://packetstormsecurity.com/files/170127/py7zr-0.20.0-Directory-Traversal.html

Github

• https://github.com/0xless/CVE-2022-44900-demo-lab
• https://github.com/ARPSyndicate/cvemon
• https://github.com/k0mi-tg/CVE-POC
• https://github.com/manas3c/CVE-POC
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/whoforget/CVE-POC
• https://github.com/youwizard/CVE-POC