CVE-2022-35410

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in pypi/mat2

Identifiers

GHSA-f33p-9287-h552, CVE-2022-35410

Package Slug

pypi/mat2

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
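A pre-flight check for the `../` member names described above, for services that accept ZIP uploads. This is an added example, not mat2's code or its 0.13.0 fix; `unsafe_members`, `build_sample` and the sample archive contents are hypothetical names and constructed data.

```python
import io
import os
import zipfile


def unsafe_members(archive, dest_dir):
    """Return names of ZIP members whose path would resolve outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # ZIP names use "/", but treat "\" as a separator as well.
            name = info.filename.replace("\\", "/")
            # join() lets an absolute member name replace root entirely,
            # and realpath() collapses any "../" components.
            target = os.path.realpath(os.path.join(root, name))
            # commonpath() compares whole components, so "/tmp/out2"
            # is not mistaken for a child of "/tmp/out".
            if os.path.commonpath([root, target]) != root:
                bad.append(info.filename)
    return bad


def build_sample():
    """Constructed in-memory archive: two contained members, two escaping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.txt", "ordinary member")
        zf.writestr("docs/../notes.txt", "uses ../ but stays inside")
        zf.writestr("../../etc/hostname", "escapes via ../")
        zf.writestr("/etc/hostname", "escapes via absolute path")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # The destination path is a constructed example and need not exist.
    for name in unsafe_members(build_sample(), "/tmp/mat2-upload-example"):
        print("rejecting archive, member escapes destination:", name)
```

Rejecting the whole archive when the list is non-empty is simpler to reason about than skipping individual members.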

Affected Versions

All versions before 0.13.0

Solution

Upgrade to version 0.13.0 or above.

Last Modified

2022-07-26
