High severity8.8NVD Advisory· Published Dec 12, 2024· Updated Apr 15, 2026
CVE-2024-55587
CVE-2024-55587
Description
python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
python-libarchivePyPI | <= 4.2.1 | — |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-75mx-hw5q-pvx3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-55587ghsaADVISORY
- github.com/smartfile/python-libarchive/blob/c7677411bfc4ab5701d343bc6ebd9e35c990e80e/libarchive/zip.pynvdWEB
- github.com/smartfile/python-libarchive/issues/42nvdWEB
- github.com/smartfile/python-libarchive/pull/41nvdWEB
News mentions
0No linked articles in our index yet.