Описание
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitPatchTechnical Description
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitPatchTechnical Description
Уязвимые конфигурации
Конфигурация 1Версия до 0.86.0.518 (включая)
cpe:2.3:a:sharpziplib_project:sharpziplib:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00548
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 5.5
ubuntu
больше 7 лет назад
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS3: 5.5
debian
больше 7 лет назад
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ...
CVSS3: 5.5
github
больше 3 лет назад
Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib
EPSS
Процентиль: 67%
0.00548
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
CWE-22