
We found results for “”
CVE-2021-32840
Good to know:

Date: January 26, 2022
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.
Language: C#
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22Top Fix

Upgrade Version
Upgrade to version ResumeBuilder.Cli - no_fix;FanhanRPATools - no_fix;Thaan.Extension.Selenium - 1.1.3;Xposure.Lean.Launcher - no_fix;FrameworkCommon - no_fix;stankins.console - no_fix;Nuke.MSBuildTaskSurrogate - no_fix;Cocos2D-Mono.Windows - 2.3.8;Enjoy.Approve - no_fix;DK.Expressions.Shell - 4.1.10.2011081600;Enjoy.EventBus.CAP.Extend - no_fix;Microsoft.Azure.Functions.Worker.Sdk - 1.5.0-preview1;Wonsen.Admin.WebApi - 1.0.6;Enjoy.Configure - no_fix;SharpZipLib - 1.3.3;dotnet-httpie - 0.9.0-preview-20241202-120118;dotnet-httpie - 0.9.0;Torinox.R4 - no_fix;Aiwins.Rocket.Cli - no_fix;Enjoy.NPOI.Extend - no_fix;VirtoCommerce.GlobalTool - 3.0.0;VirtoCommerce.GlobalTool - 3.0.0-alpha.42;Thaan.Extension.DatabaseOperations - no_fix;Microsoft.CST.ApplicationInspector.CLI - 1.4.12;Mni.Core.Cli - no_fix;BBDown - 1.4.7;Idea.Do.Cli - no_fix;Nuke.Common - 0.23.0-alpha0142;Nuke.Common - 6.0.0-beta0001;Nuke.Common - 0.24.4;Microsoft.CST.DevSkim.CLI - 0.4.254;Enjoy.Application - 6.1.3.230719;Skyline.DataMiner.Dev.Common - 10.2.6.4;Skyline.DataMiner.Dev.Common - 10.2.5.4;Skyline.DataMiner.Dev.Common - 10.2.0.4;Nibbler - 1.8.0-beta.5;Enjoy.ExcelUtility - no_fix;ExcelProvider - 1.0.0;Volo.Abp.Cli - 0.19.0;Volo.Abp.Cli - 5.0.0-beta.1;HIC.RDMP.Plugin - 8.1.0-rc1;_build - no_fix;Enjoy.Core - no_fix;ThirdPartyLibraries.GlobalTool - 2.1.1;MyHaven.Tool - no_fix;AdamBarclay.WebAssetBuilder - 1.1.0;Enjoy.TemplateEngine - no_fix;ExtCore.Repo.Tool - no_fix;Syncer - no_fix;TCT.Build.Cake - no_fix;Mono.Addins.UtilTool - 1.3.10;Enjoy.ExcelReport - no_fix;Fib.Net.MSBuild - no_fix;UpToYou - no_fix;Enjoy.AspNetCore - no_fix;MyHavenBuild.Tool - 1.0.1;Microsoft.CST.RecursiveExtractor.CLI - 1.1.4;LINGYUN.Abp.Cli - 5.0.0-rc.1;DevMark - no_fix;Enjoy.Micro.HealthChecks - no_fix;lucene-cli - no_fix;lucene-cli - 4.8.0-beta00017;DWF.Activities.Excel - no_fix;Torinox - no_fix;TrafficGuarantee.RedisDataStorage - no_fix;H-13967 - no_fix;dwl.NPOI - no_fix;Sanding.Util.Extension.dll - 2.0.0;Snowflake.Tooling.Cli - 6.0.0;Refriender - no_fix;Firely.Terminal - 2.5.0-beta-1;Enjoy.Micro.Client - no_fix;GarMel.Daf.Web.Core - no_fix;MapDownloader - no_fix;Enjoy.DocDB - no_fix;CommunicationComponent - no_fix;Nuke.GlobalTool - 6.0.0-beta0001;Enjoy.Platform.Proxy - no_fix;DWF.Activities.File - no_fix;Microsoft.CST.AttackSurfaceAnalyzer.CLI - 2.3.272;UnPak.Console - no_fix;Ingeniux_DSS_RTAPI - 10.5.128;Ingeniux_DSS_RTAPI - 10.6.154-prerelease;Dimmy - no_fix;LambdaSharp.Tool - 0.8.3.5;Firely.Server.Ingest - 2.2.0;dotnet-sqltest - 0.5.0;ISuperORM.NET.sdk - 2.0.6;ISuperORM.NET.sdk - 2.0.2;DistributeComponent - no_fix;WolvenKit.CLI - 1.6.0;Nuke.CodeGeneration - 0.19.0;Enjoy.EventBus.CAP.DataBase - no_fix;Thaan.Extension.Archive - no_fix;Enjoy.CacheProvider - no_fix;Jver.VerifyMicrosoftPackage - no_fix;Enjoy.Resilience.Http - no_fix;Enjoy.Micro.Consul - no_fix;Cocos2D-Mono.DesktopGL - 2.3.8;Enjoy.SignalR - no_fix;gitmo - no_fix;Enjoy.Micro.Log - no_fix;Enjoy.Web - no_fix;Flubu - no_fix;Enjoy.DBUtility - no_fix;AbpTools - no_fix;Buildeploy.net - no_fix;Facade.ToolCLI - 1.2.2;Stormancer.Cpp.BuildTool - no_fix;BBDownBlue - no_fix;dotnet-SlugCI - no_fix;Enjoy.Models - no_fix;dotnet-compressor - 2.0.0;CreateDecisionsModule-GlobalTool - 1.0.8;Enjoy.AOP - no_fix;MddCli - no_fix;Cocos2D-Mono.iOS - 2.3.9;dotnet-codegencs - 1.0.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | HIGH |
Availability (A): | LOW |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |