Path Traversal in SharpZipLib
Moderate severity
GitHub Reviewed
Published
to the GitHub Advisory Database
•
Updated
Description
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that _baseDirectory ends with slash. If the _baseDirectory is not slash terminated like /home/user/dir it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. /home/user/dir.sh. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.
References
Published by the National Vulnerability Database
Reviewed
Published to the GitHub Advisory Database
Last updated
Severity
Moderate
/ 10
CVSS v3 base metrics
Attack vector
Local
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS score
(55th percentile)
Weaknesses
CVE ID
CVE-2021-32842
GHSA ID
GHSA-mm6g-mmq6-53ff
Source code
See something to contribute?
Suggest improvements for this vulnerability.