CVE-2021-39208

CVE-2021-39208 applies to SharpCompress (a fully managed C# library for various compression formats). Versions prior to 0.29.0 are vulnerable to partial path traversal during extraction when ExtractionOptions.ExtractFullPath is true. The code validates that destinationFileName begins with fullDes...

SharpCompress 路径遍历漏洞

SharpCompress is a pure C compression library. NET Standard 2.0, 2.1, .NET Core 3.1 and .NET 5.0. SharpCompress suffers from a path traversal vulnerability that stems from ExtractFullPath being set to true and SharpCompress recreating the directory hierarchy under destinationDirectory. An attacke...

Directory Traversal in SharpCompress

SharpCompress prior to version 0.21 is vulnerable to path traversal issue in archive extraction...

GHSA-FXH6-W476-HGR4 Directory Traversal in SharpCompress

SharpCompress prior to version 0.21 is vulnerable to path traversal issue in archive extraction...

SharpCompress Directory Traversal Vulnerability

SharpCompress is a library for compression/decompression. A directory traversal vulnerability exists in SharpCompress versions prior to 0.21.0. The vulnerability can be exploited to write arbitrary files with a specially crafted zip archive file with a directory traversal name...

CVE-2018-1002206

SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVE-2018-1002206

SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

Directory traversal

SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVE-2018-1002206

SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVE-2018-1002206

SharpCompress before 0.21.0 is vulnerable to a directory traversal vulnerability (Zip-Slip) that allows writing to arbitrary files via a ../ path in a Zip archive entry during extraction. Affected component is the SharpCompress library; impact is arbitrary file overwrite. Public-facing exploit de...

PT-2018-9626

Name of the Vulnerable Software and Affected Versions: SharpCompress versions prior to 0.21.0 Description: The issue allows attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This is also known as 'Zip-Slip'. The vulnerabilit...

Arbitrary File Write

SharpCompress is vulnerable to zip-slip vulnerability.The vulnerability exists due to the lack of check on the file path during extraction, allowing arbitrary files to be written in other directories...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview sharpcompress is a compression library for .NET Standard 1.0 that can unrar, decompress 7zip, decompress xz, zip/unzip, tar/untar lzip/unlzip, bzip2/unbzip2 and gzip/ungzip with forward-only reading and file random access APIs. Affected versions of the package are vulnerable to Arbitrary...