Search for packages
| purl | pkg:nuget/SharpZipLib@1.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1qhk-r5sq-zqhm
Aliases: CVE-2021-32842 GHSA-mm6g-mmq6-53ff |
Path traversal in SharpZipLib SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the `_baseDirectory` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. fixed this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-fxh1-kq9x-6bbz
Aliases: CVE-2021-32840 GHSA-m22m-h4rf-pwq3 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||