Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in SharpZipLib
Vulnerability Description
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SharpZipLib 路径遍历漏洞
Vulnerability Description
SharpZipLib(#ziplib,前称NZipLib)是ICSharpCode(Icsharpcode)团队的一个开源的用在.NET平台中的C#压缩解压库,它支持解压和压缩Zip、GZip、BZip2、Tar等格式的文件。 SharpZipLib 存在安全漏洞,该漏洞源于不强制 _baseDirectory 以斜线结尾。 如果 _baseDirectory 没有像 /home/user/dir 那样以斜线结尾,则可以创建一个文件,其名称以目标目录开始,比该目录上一层,即 /home/user/dir
CVSS Information
N/A
Vulnerability Type
N/A