Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sharpcompress
(Sharpcompress_project)| Repositories | https://github.com/adamhathcock/sharpcompress |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-16 | CVE-2021-39208 | SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However, prior to version 0.29.0, it is not enforced that... | Sharpcompress | N/A | ||
| 2018-07-25 | CVE-2018-1002206 | SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | Sharpcompress | 5.5 |