漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification
Vulnerability Description
pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction directory. During password verification, pyLoad derives an archive entry name from 7z listing output and treats it as a filesystem path without constraining it to the extraction directory. This issue has been fixed in version 0.5.0b3.dev97.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
pyLoad 路径遍历漏洞
Vulnerability Description
pyLoad是pyLoad开源的一个用 Python 编写的免费开源下载管理器。 pyLoad 0.5.0b3.dev97之前版本存在路径遍历漏洞,该漏洞源于密码验证期间存在路径遍历,可能导致任意文件删除。
CVSS Information
N/A
Vulnerability Type
N/A