VulnerableCode Package Details - pkg:nuget/SharpZipLib@1.0.0-alpha2

Search for packages

Vulnerability	Summary	Fixed by
VCID-fxh1-kq9x-6bbz Aliases: CVE-2021-32840 GHSA-m22m-h4rf-pwq3	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution.	1.3.3 Affected by 0 other vulnerabilities.
VCID-xzc1-cy42-2ub4 Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.	1.0.0-rc1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-fxh1-kq9x-6bbz
Aliases:
CVE-2021-32840
GHSA-m22m-h4rf-pwq3

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution.

1.3.3
Affected by 0 other vulnerabilities.

VCID-xzc1-cy42-2ub4
Aliases:
CVE-2018-1002208
GHSA-cqj4-m2pc-v9m5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

1.0.0-rc1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:49:41.756000+00:00	GitLab Importer	Affected by	VCID-xzc1-cy42-2ub4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2018-1002208.yml	38.4.0
2026-04-16T21:38:20.010578+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.4.0
2026-04-11T23:05:42.838055+00:00	GitLab Importer	Affected by	VCID-xzc1-cy42-2ub4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2018-1002208.yml	38.3.0
2026-04-11T22:52:56.298601+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.3.0
2026-04-02T23:13:58.043214+00:00	GitLab Importer	Affected by	VCID-xzc1-cy42-2ub4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2018-1002208.yml	38.1.0
2026-04-02T23:02:18.629959+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.1.0
2026-04-01T17:21:09.005608+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.0.0
2026-04-01T16:01:35.678074+00:00	GHSA Importer	Affected by	VCID-xzc1-cy42-2ub4	https://github.com/advisories/GHSA-cqj4-m2pc-v9m5	38.0.0
2026-04-01T12:50:23.627567+00:00	GitLab Importer	Affected by	VCID-xzc1-cy42-2ub4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2018-1002208.yml	38.0.0