Sharpziplib Security Vulnerabilities
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that destDir ends with slash. If the destDir is not slash terminated like...
5.3CVSS
5.2AI Score
0.001EPSS
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version...
9.8CVSS
9.5AI Score
0.006EPSS
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that _baseDirectory ends with slash. If the _baseDirectory is not slash...
5.3CVSS
5.2AI Score
0.001EPSS
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as...
5.5CVSS
5.4AI Score
0.002EPSS