NuGet package
sharpziplib
pkg:nuget/sharpziplib
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32841 | — | >= 1.3.0, < 1.3.3 | 1.3.3 | Jan 26, 2022 | SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash t | ||
| CVE-2021-32842 | — | >= 1.0.0, < 1.3.3 | 1.3.3 | Jan 26, 2022 | SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory | ||
| CVE-2021-32840 | — | < 1.3.3 | 1.3.3 | Jan 26, 2022 | SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in ve | ||
| CVE-2018-1002208 | Med | 5.5 | < 1.0.0-rc1 | 1.0.0-rc1 | Jul 25, 2018 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
- CVE-2021-32841Jan 26, 2022affected >= 1.3.0, < 1.3.3fixed 1.3.3
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash t
- CVE-2021-32842Jan 26, 2022affected >= 1.0.0, < 1.3.3fixed 1.3.3
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory
- CVE-2021-32840Jan 26, 2022affected < 1.3.3fixed 1.3.3
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in ve
- affected < 1.0.0-rc1fixed 1.0.0-rc1
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.