VulnerableCode Package Details - pkg:nuget/SharpZipLib@1.0.0-rc1

Search for packages

Vulnerability	Summary	Fixed by
VCID-fxh1-kq9x-6bbz Aliases: CVE-2021-32840 GHSA-m22m-h4rf-pwq3	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution.	1.3.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fxh1-kq9x-6bbz
Aliases:
CVE-2021-32840
GHSA-m22m-h4rf-pwq3

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution.

1.3.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-xzc1-cy42-2ub4	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.	CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5

Vulnerability

Summary

Aliases

VCID-xzc1-cy42-2ub4

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002208
GHSA-cqj4-m2pc-v9m5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:49:41.759547+00:00	GitLab Importer	Fixing	VCID-xzc1-cy42-2ub4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2018-1002208.yml	38.4.0
2026-04-16T21:38:20.012089+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.4.0
2026-04-11T23:05:42.842092+00:00	GitLab Importer	Fixing	VCID-xzc1-cy42-2ub4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2018-1002208.yml	38.3.0
2026-04-11T22:52:56.302370+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.3.0
2026-04-02T23:13:58.046478+00:00	GitLab Importer	Fixing	VCID-xzc1-cy42-2ub4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2018-1002208.yml	38.1.0
2026-04-02T23:02:18.633118+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.1.0
2026-04-01T17:21:09.009304+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.0.0
2026-04-01T16:01:35.681380+00:00	GHSA Importer	Fixing	VCID-xzc1-cy42-2ub4	https://github.com/advisories/GHSA-cqj4-m2pc-v9m5	38.0.0
2026-04-01T13:07:48.982425+00:00	GithubOSV Importer	Fixing	VCID-xzc1-cy42-2ub4	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cqj4-m2pc-v9m5/GHSA-cqj4-m2pc-v9m5.json	38.0.0
2026-04-01T12:50:23.629995+00:00	GitLab Importer	Fixing	VCID-xzc1-cy42-2ub4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2018-1002208.yml	38.0.0