Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in SharpZipLib
Vulnerability Description
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins with the destination directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 contains a patch for this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SharpZipLib 路径遍历漏洞
Vulnerability Description
SharpZipLib(#ziplib,前称NZipLib)是ICSharpCode(Icsharpcode)团队的一个开源的用在.NET平台中的C#压缩解压库,它支持解压和压缩Zip、GZip、BZip2、Tar等格式的文件。 SharpZipLib 存在安全漏洞,该漏洞源于不强制 destDir 以斜线结尾。 如果 destDir 没有像 /home/user/dir 那样以斜线结尾,则可以创建一个名称以目标目录开头的文件,即 /home/user/dir.sh 。由于文件名和目标目录的限制,任意文件
CVSS Information
N/A
Vulnerability Type
N/A