VYPR

NuGet package

sharpziplib

pkg:nuget/sharpziplib

Vulnerabilities (4)

  • CVE-2021-32841Jan 26, 2022
    affected >= 1.3.0, < 1.3.3fixed 1.3.3

    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash t

  • CVE-2021-32842Jan 26, 2022
    affected >= 1.0.0, < 1.3.3fixed 1.3.3

    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory

  • CVE-2021-32840Jan 26, 2022
    affected < 1.3.3fixed 1.3.3

    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in ve

  • CVE-2018-1002208MedJul 25, 2018
    affected < 1.0.0-rc1fixed 1.0.0-rc1

    SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.