HIGH 7.5
PYSEC-2026-826
sviehb/jefferson vulnerable to path traversal
Details
A vulnerability has been found in the sviehb/jefferson JFFS2 filesystem extraction tool. This vulnerability affects unknown code of the file `src/scripts/jefferson`. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue as it includes https://github.com/sviehb/jefferson/commit/53b3f2fc34af0bb32afbcee29d18213e61471d87.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-4885 [ADVISORY]
- https://github.com/sviehb/jefferson/pull/36 [WEB]
- https://github.com/sviehb/jefferson/commit/53b3f2fc34af0bb32afbcee29d18213e61471d87 [WEB]
- https://github.com/sviehb/jefferson [PACKAGE]
- https://github.com/sviehb/jefferson/releases/tag/v0.4 [WEB]
- https://vuldb.com/?ctiid.218020 [WEB]
- https://vuldb.com/?id.218020 [WEB]
- https://pypi.org/project/jefferson [PACKAGE]
- https://github.com/advisories/GHSA-7jrw-p8jc-v6qw [ADVISORY]