GHSA-f33p-9287-h552, CVE-2022-35410
pypi/mat2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
All versions before 0.13.0
Upgrade to version 0.13.0 or above.
2022-07-26
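A defensive check for the class of flaw described above, added here as an example; it is not mat2's code and not its 0.13.0 fix. It flags ZIP member names that would resolve outside a destination directory before anything is written. The function names, the destination path and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile


def is_within(base: str, target: str) -> bool:
    """True if target resolves to base itself or to a path beneath it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def unsafe_members(archive: zipfile.ZipFile, dest_dir: str) -> list:
    """Return member names that would land outside dest_dir if written there."""
    flagged = []
    for info in archive.infolist():
        name = info.filename.replace("\\", "/")
        # Absolute paths and drive letters ignore dest_dir entirely.
        if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
            flagged.append(info.filename)
            continue
        # Resolve ../ segments and compare against the destination root.
        if not is_within(dest_dir, os.path.join(dest_dir, name)):
            flagged.append(info.filename)
    return flagged


def build_sample_zip() -> bytes:
    """Constructed sample archive: two benign members, one with ../ escaping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.txt", "ok")
        zf.writestr("../outside.txt", "constructed traversal name")
        zf.writestr("docs/../notes.txt", "stays inside after normalisation")
    return buf.getvalue()


def check_sample(dest_dir: str = "/tmp/mat2-example-dest") -> list:
    """Run the check over the constructed archive (hypothetical dest_dir)."""
    with zipfile.ZipFile(io.BytesIO(build_sample_zip())) as zf:
        return unsafe_members(zf, dest_dir)


if __name__ == "__main__":
    print(check_sample())
```

A service that processes uploaded archives can reject the whole upload when `unsafe_members` returns a non-empty list, rather than skipping individual entries.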