Path Traversal in SharpZipLib
Moderate severity
GitHub Reviewed
Published
Feb 1, 2022
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Description
Published by the National Vulnerability Database
Jan 26, 2022
Reviewed
Feb 1, 2022
Published to the GitHub Advisory Database
Feb 1, 2022
Last updated
Feb 3, 2023
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that
_baseDirectory
ends with slash. If the _baseDirectory is not slash terminated like/home/user/dir
it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e./home/user/dir.sh
. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.References