CVE-2024-55587: python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.
0.0
CVSS
Description
python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.
Classification
CVE ID: CVE-2024-55587
CVSS Base Severity: LOW
CVSS Base Score: 0.0
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 17.83% (scored less or equal to compared to others)
EPSS Date: 2025-02-04 (when was this score calculated)
References
https://github.com/smartfile/python-libarchive/blob/c7677411bfc4ab5701d343bc6ebd9e35c990e80e/libarchive/zip.py#L107https://github.com/smartfile/python-libarchive/issues/42
https://github.com/smartfile/python-libarchive/pull/41