ZStandard and Brotli is not default methods of 7-zip, so these archives are considered Py7zr try checking symbolic links strictly and raise ValueError when bad link is requested,īut it does not guarantee to block all the bad cases. Supported algorithmsĪ feature handling symbolic link is basically compatible with p7zip implementation,īut not work with original 7-zip because the original does not implement the feature. Py7zr is also able to encrypt and decrypt data using 3rd party encryption library. It also supports ZStandard, Brotli and PPMd with third party libraries. Py7zr supports algorithms and filters which lzma module and liblzma support,Īnd supports BZip2 and Deflate that are implemented in python core libraries, Matteo Cosentino for notification and coorporation on security improvement. You are recommend to update immediately to version 0.20.2 or later, 0.19.2 or 0.18.12 Īffected versions are vulnerable to Directory Traversal due to insufficient checks in the ‘py7zr.py’ and ‘helpers.py’ files
Version 0.20.0, 0.19.0, 0.18.10 or before has a vulnerability for path traversal attack.ĭetails are on “CVE-2022-44900: path traversal vulnerability in py7zr” disclose article. Py7zr is a library and utility to support 7zip archive compression, decompression,Įncryption and decryption written by Python programming language.
0 kommentar(er)
