Описание
SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.21.0 (исключая)
cpe:2.3:a:sharpcompress_project:sharpcompress:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02504
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
EPSS
Процентиль: 85%
0.02504
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
CWE-22