Description
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
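The containment check that defeats this class of bug, as an added example (not code from SharpZipLib or mono): resolve each entry name against the extraction root and refuse anything that lands outside it before opening a file for writing. `ZipSlipGuard` and `ResolveEntryPath` are hypothetical names, and the entry names in `Main` are constructed samples.

```csharp
using System;
using System.IO;

static class ZipSlipGuard
{
    // Resolve an archive entry name against the extraction root and reject any
    // result that falls outside it. Returns the full path that is safe to write.
    public static string ResolveEntryPath(string destinationDir, string entryName)
    {
        // Canonical root with a trailing separator, so that "/out" is not
        // treated as a prefix of a sibling directory such as "/out-other".
        string root = Path.GetFullPath(destinationDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // Zip entry names use '/'; treat '\' as a separator too on every platform.
        string normalized = entryName.Replace('\\', '/');

        // GetFullPath collapses "." and ".." segments. A rooted entry name makes
        // Path.Combine discard the root, which the prefix check below also catches.
        string target = Path.GetFullPath(Path.Combine(root, normalized));

        if (!target.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidDataException("Entry escapes extraction directory: " + entryName);
        return target;
    }

    static void Main()
    {
        string dest = Path.Combine(Path.GetTempPath(), "extract-demo");
        // Constructed entry names: one benign, three that must be rejected.
        string[] names = { "docs/readme.txt", "../outside.txt", "a/../../outside.txt", "/tmp/absolute.txt" };
        foreach (string name in names)
        {
            try { Console.WriteLine("OK      " + name + " -> " + ResolveEntryPath(dest, name)); }
            catch (InvalidDataException e) { Console.WriteLine("BLOCKED " + e.Message); }
        }
    }
}
```

The check runs on the resolved path rather than on the raw entry name, so it does not depend on spotting a literal `../` substring.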
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| mono | fixed | 5.18.0.240+dfsg-1 | | package |
| mono | no-dsa | | stretch | package |
| mono | no-dsa | | jessie | package |
| mono-reference-assemblies | unfixed | | | package |
Notes
https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247
https://github.com/icsharpcode/SharpZipLib/issues/232
https://github.com/mono/mono/issues/11492
Related vulnerabilities
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib