Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in SharpZipLib
Vulnerability Description
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SharpZipLib 路径遍历漏洞
Vulnerability Description
SharpZipLib(#ziplib,前称NZipLib)是ICSharpCode(Icsharpcode)团队的一个开源的用在.NET平台中的C#压缩解压库,它支持解压和压缩Zip、GZip、BZip2、Tar等格式的文件。 SharpZipLib 存在安全漏洞,该漏洞源于可以在 `destFolder` 的父目录中提取 TAR 文件条目 `../evil.txt`。 这会导致可能导致代码执行的任意文件写入。
CVSS Information
N/A
Vulnerability Type
N/A