Lucene search
GoogleOSV:GHSA-MM6G-MMQ6-53FFHistoryFeb 01, 2022 - 4:23 p.m.
Path Traversal in SharpZipLib
2022-02-0116:23:00
Google
osv.dev
6
sharpziplib
path traversal
vulnerability
EPSS
0.001
Percentile
35.7%
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that _baseDirectory ends with slash. If the _baseDirectory is not slash terminated like /home/user/dir it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. /home/user/dir.sh. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.
Related
prion
prion
Arbitrary file deletion
2022-01-26 21:15:00
cvelist
cvelist
CVE-2021-32842 Path Traversal in SharpZipLib
2022-01-26 21:10:10
debiancve
debiancve
CVE-2021-32842
2022-01-26 21:15:13
github
github
Path Traversal in SharpZipLib
2022-02-01 16:23:00
veracode
veracode
Directory Traversal
2021-12-09 06:25:02
ubuntucve
ubuntucve
CVE-2021-32842
2022-01-26 00:00:00
cve
cve
CVE-2021-32842
2022-01-26 21:15:13
osv
osv
CVE-2021-32842
2022-01-26 21:15:13
nvd
nvd
CVE-2021-32842
2022-01-26 21:15:13