VulnerableCode Package Details - pkg:nuget/SharpZipLib@1.3.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1qhk-r5sq-zqhm Aliases: CVE-2021-32842 GHSA-mm6g-mmq6-53ff	Path traversal in SharpZipLib SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the `_baseDirectory` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. fixed this vulnerability.	1.3.3 Affected by 0 other vulnerabilities.
VCID-eadx-224r-vyhs Aliases: CVE-2021-32841 GHSA-2x7h-96h5-rq84	Path traversal in SharpZipLib SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins with the destination directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. contains a patch for this vulnerability.	1.3.3 Affected by 0 other vulnerabilities.
VCID-fxh1-kq9x-6bbz Aliases: CVE-2021-32840 GHSA-m22m-h4rf-pwq3	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution.	1.3.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1qhk-r5sq-zqhm
Aliases:
CVE-2021-32842
GHSA-mm6g-mmq6-53ff

Path traversal in SharpZipLib SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the `_baseDirectory` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. fixed this vulnerability.

1.3.3
Affected by 0 other vulnerabilities.

VCID-eadx-224r-vyhs
Aliases:
CVE-2021-32841
GHSA-2x7h-96h5-rq84

Path traversal in SharpZipLib SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins with the destination directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. contains a patch for this vulnerability.

1.3.3
Affected by 0 other vulnerabilities.

VCID-fxh1-kq9x-6bbz
Aliases:
CVE-2021-32840
GHSA-m22m-h4rf-pwq3

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution.

1.3.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:38:20.599148+00:00	GitLab Importer	Affected by	VCID-1qhk-r5sq-zqhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32842.yml	38.4.0
2026-04-16T21:38:20.021276+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.4.0
2026-04-16T21:38:16.545967+00:00	GitLab Importer	Affected by	VCID-eadx-224r-vyhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32841.yml	38.4.0
2026-04-11T22:52:56.599661+00:00	GitLab Importer	Affected by	VCID-1qhk-r5sq-zqhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32842.yml	38.3.0
2026-04-11T22:52:56.323575+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.3.0
2026-04-11T22:52:49.545862+00:00	GitLab Importer	Affected by	VCID-eadx-224r-vyhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32841.yml	38.3.0
2026-04-02T23:02:18.936012+00:00	GitLab Importer	Affected by	VCID-1qhk-r5sq-zqhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32842.yml	38.1.0
2026-04-02T23:02:18.652691+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.1.0
2026-04-02T23:02:12.400030+00:00	GitLab Importer	Affected by	VCID-eadx-224r-vyhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32841.yml	38.1.0
2026-04-01T17:21:09.309968+00:00	GitLab Importer	Affected by	VCID-1qhk-r5sq-zqhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32842.yml	38.0.0
2026-04-01T17:21:09.033776+00:00	GitLab Importer	Affected by	VCID-fxh1-kq9x-6bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32840.yml	38.0.0
2026-04-01T17:21:01.916520+00:00	GitLab Importer	Affected by	VCID-eadx-224r-vyhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/SharpZipLib/CVE-2021-32841.yml	38.0.0