sevenz-rust2 is vulnerable to Path Traversal
70
High Risk
sevenz-rust2 extracts 7z archives by joining each archive entry name directly onto the destination directory without validating it. A crafted archive whose entry names contain .. traversal sequences, absolute paths, or Windows drive/root prefixes causes extracted files to be written outside the intended destination directory. An attacker who supplies a malicious archive can overwrite arbitrary files on the system, which can lead to code execution. The fix adds a safe_join helper that rejects parent-directory, root, and drive-prefix components and treats backslashes as separators on every platform.
You are affected if you are using a version that falls within the vulnerable range and your application extracts untrusted or attacker-supplied 7z archives.
sevenz-rust2 is vulnerable to Path Traversal in versions 0.7.0 - 0.21.0.
Upgrade the sevenz-rust2 library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant