High severity7.5NVD Advisory· Published Jul 8, 2022· Updated Jun 17, 2026
CVE-2022-35410
CVE-2022-35410
Description
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mat2PyPI | < 0.13.0 | 0.13.0 |
Affected products
2- mat2/metadata anonymisation toolkitdescription
Patches
Vulnerability mechanics
References
8- dustri.org/b/mat2-0130.htmlnvdPatchThird Party AdvisoryWEB
- 0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385nvdExploitPatchVendor AdvisoryWEB
- 0xacab.org/jvoisin/mat2/-/issues/174nvdExploitIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-f33p-9287-h552ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35410ghsaADVISORY
- www.debian.org/security/2022/dsa-5185nvdThird Party AdvisoryWEB
- 0xacab.org/jvoisin/mat2ghsaPACKAGE
- github.com/pypa/advisory-database/tree/main/vulns/mat2/PYSEC-2022-223.yamlghsaWEB
News mentions
0No linked articles in our index yet.