CVE-2024-55587 | python-libarchive up to 4.2.1 zip.py ZipFile.extractall/ZipFile.extract path traversal

Posted by Angelo Barbosa | Dec 11, 2024 | CVE

A vulnerability was found in python-libarchive up to 4.2.1. It has been declared as critical. This vulnerability affects the function ZipFile.extractall/ZipFile.extract of the file zip.py. The manipulation leads to path traversal.

This vulnerability was named CVE-2024-55587. The attack can only be initiated within the local network. There is no exploit available.

CVE-2024-55587 | python-libarchive up to 4.2.1 zip.py ZipFile.extractall/ZipFile.extract path traversal

Related Posts

CVE-2023-45286 | go-resty prior 2.10.0 HTTP Request sync.Pool.Put information disclosure

CVE-2024-6398 | Skyhigh Secure Web Gateway prior 11.2.23/12.2.10 on Windows SWG information disclosure

CVE-2024-0646 | Linux Kernel TLS /net/tls/tls_sw.c tls_sw_sendmsg_splice out-of-bounds write

CVE-2024-8236 | Elementor Website Builder Plugin up to 3.25.7 on WordPress cross site scripting