HIGH 7.5
PYSEC-2026-826
sviehb/jefferson vulnerable to path traversal
상세
A vulnerability has been found in the sviehb/jefferson JFFS2 filesystem extraction tool. This vulnerability affects unknown code of the file `src/scripts/jefferson`. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue as it includes https://github.com/sviehb/jefferson/commit/53b3f2fc34af0bb32afbcee29d18213e61471d87.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2022-4885 [ADVISORY]
- https://github.com/sviehb/jefferson/pull/36 [WEB]
- https://github.com/sviehb/jefferson/commit/53b3f2fc34af0bb32afbcee29d18213e61471d87 [WEB]
- https://github.com/sviehb/jefferson [PACKAGE]
- https://github.com/sviehb/jefferson/releases/tag/v0.4 [WEB]
- https://vuldb.com/?ctiid.218020 [WEB]
- https://vuldb.com/?id.218020 [WEB]
- https://pypi.org/project/jefferson [PACKAGE]
- https://github.com/advisories/GHSA-7jrw-p8jc-v6qw [ADVISORY]