CVE-2021-32841
- EPSS 0.38%
- Veröffentlicht 26.01.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:51
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. I...
CVE-2021-32840
- EPSS 1.55%
- Veröffentlicht 26.01.2022 21:15:13
- Zuletzt bearbeitet 21.11.2024 06:07:51
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The v...
CVE-2021-32842
- EPSS 0.3%
- Veröffentlicht 26.01.2022 21:15:13
- Zuletzt bearbeitet 21.11.2024 06:07:51
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with...
CVE-2018-1002208
- EPSS 0.55%
- Veröffentlicht 25.07.2018 17:29:02
- Zuletzt bearbeitet 21.11.2024 03:40:40
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.