CVE-2022-23531

HIGH Year: 2022
CVSS v3 Score
7.8
High
Weakness Type
CWE-23
View all →

Vulnerability Description

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5.

Related Vulnerabilities

CVE-2021-29100

HIGH
CVSS:7.8(High)

A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vu...

CWE-232021

CVE-2021-43555

HIGH
CVSS:7.8(High)

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may ...

CWE-232021

CVE-2022-42470

HIGH
CVSS:7.8(High)

A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via...

CWE-232022

CVE-2023-23379

HIGH
CVSS:7.8(High)

Microsoft Defender for IoT Elevation of Privilege Vulnerability

CWE-232023

CVE-2023-34394

HIGH
CVSS:7.8(High)

In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, ...

CWE-232023