
CVE-2021-32842


Date: January 26, 2022
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting with version 1.0.0 and prior to version 1.3.3, a check was added to verify that the destination file is under the destination directory. However, it is not enforced that `_baseDirectory` ends with a slash. If `_baseDirectory` is not slash terminated, like `/home/user/dir`, it is possible to create a file whose name begins with the destination directory's name, one level up from that directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.
Language: C#
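The prefix check described above, next to a form that forces a trailing separator before comparing. This is an added example, not SharpZipLib's own code: the class and method names are hypothetical, the base path is the one from the description, and the entry names are constructed.

```csharp
using System;
using System.IO;

static class ExtractionPathCheck
{
    // Weak form: raw prefix comparison against a base directory that is not
    // slash terminated, so a sibling such as "/home/user/dir.sh" also matches.
    public static bool IsUnderBaseNaive(string baseDir, string entryName)
    {
        string root = Path.GetFullPath(baseDir);
        string target = Path.GetFullPath(Path.Combine(baseDir, entryName));
        return target.StartsWith(root, StringComparison.Ordinal);
    }

    // Hardened form: normalise the base, append a directory separator if it is
    // missing, then compare. Only paths strictly inside the base are accepted.
    public static bool IsUnderBaseStrict(string baseDir, string entryName)
    {
        string root = Path.GetFullPath(baseDir);
        string sep = Path.DirectorySeparatorChar.ToString();
        if (!root.EndsWith(sep, StringComparison.Ordinal))
            root += sep;
        string target = Path.GetFullPath(Path.Combine(root, entryName));
        // Ordinal comparison errs on the side of rejecting on
        // case-insensitive file systems.
        return target.StartsWith(root, StringComparison.Ordinal);
    }

    static void Main()
    {
        string baseDir = "/home/user/dir"; // base path from the description
        // Constructed entry names: two legitimate, two resolving outside the base.
        string[] entries = { "notes.txt", "sub/a.txt", "../dir.sh", "../other/x" };
        foreach (string entry in entries)
        {
            Console.WriteLine("{0,-12} naive={1,-5} strict={2}",
                entry,
                IsUnderBaseNaive(baseDir, entry),
                IsUnderBaseStrict(baseDir, entry));
        }
    }
}
```

Callers that cannot upgrade immediately can apply the same normalisation to the directory they pass in, so that it always ends with a separator.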
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22

Top Fix

Upgrade Version
Upgrade to version Nuke.Common - 6.0.0-beta0001;Nuke.Common - 0.24.4;Nuke.Common - 0.23.0-alpha0142;Nuke.GlobalTool - 6.0.0-beta0001;CreateDecisionsModule-GlobalTool - 1.0.8;Facade.ToolCLI - 1.2.2;Ingeniux_DSS_RTAPI - 10.5.128;Ingeniux_DSS_RTAPI - 10.6.154-prerelease;MyHaven.Tool - no_fix;ISuperORM.NET.sdk - 2.0.6;ISuperORM.NET.sdk - 2.0.2;Enjoy.Micro.Client - no_fix;Enjoy.Micro.HealthChecks - no_fix;DWF.Activities.Excel - no_fix;H-13967 - no_fix;DWF.Activities.File - no_fix;Enjoy.Micro.Consul - no_fix;dwl.NPOI - no_fix;Nuke.CodeGeneration - 0.19.0;Enjoy.DocDB - no_fix;DistributeComponent - no_fix;Enjoy.Platform.Proxy - no_fix;Enjoy.Application - 6.1.3.230719;Flubu - no_fix;Volo.Abp.Cli - 0.19.0;Volo.Abp.Cli - 5.0.0-beta.1;Cocos2D-Mono.DesktopGL - 2.3.8;dotnet-sqltest - 0.5.0;Enjoy.Micro.Log - no_fix;VirtoCommerce.GlobalTool - 3.0.0-alpha.42;VirtoCommerce.GlobalTool - 3.0.0;MyHavenBuild.Tool - 1.0.1;Enjoy.TemplateEngine - no_fix;Firely.Server.Ingest - 2.2.0;ExtCore.Repo.Tool - no_fix;LambdaSharp.Tool - 0.8.3.5;LINGYUN.Abp.Cli - 5.0.0-rc.1;Enjoy.ExcelReport - no_fix;Nibbler - 1.8.0-beta.5;dotnet-httpie - 0.9.0;dotnet-httpie - 0.9.0-preview-20241202-120118;Enjoy.ExcelUtility - no_fix;TCT.Build.Cake - no_fix;UpToYou - no_fix;Idea.Do.Cli - no_fix;Microsoft.CST.AttackSurfaceAnalyzer.CLI - 2.3.272;Skyline.DataMiner.Dev.Common - 10.2.6.4;Skyline.DataMiner.Dev.Common - 10.2.5.4;Skyline.DataMiner.Dev.Common - 10.2.0.4;lucene-cli - no_fix;lucene-cli - 4.8.0-beta00017;DevMark - no_fix;Sanding.Util.Extension.dll - 2.0.0;Syncer - no_fix;Microsoft.CST.DevSkim.CLI - 0.4.254;Torinox - no_fix;HIC.RDMP.Plugin - 8.1.0-rc1;Firely.Terminal - 2.5.0-beta-1;ExcelProvider - 1.0.0;_build - no_fix;Enjoy.Core - no_fix;Wonsen.Admin.WebApi - 1.0.6;ThirdPartyLibraries.GlobalTool - 2.1.1;Microsoft.CST.RecursiveExtractor.CLI - 1.1.4;Torinox.R4 - no_fix;MddCli - no_fix;Enjoy.Approve - no_fix;Mono.Addins.UtilTool - 1.3.10;AdamBarclay.WebAssetBuilder - 1.1.0;Enjoy.AspNetCore - no_fix;Enjoy.Models - no_fix;stankins.console - no_fix;Thaan.Extension.DatabaseOperations - no_fix;Microsoft.CST.ApplicationInspector.CLI - 1.4.12;Enjoy.Configure - no_fix;dotnet-compressor - 2.0.0;Fib.Net.MSBuild - no_fix;FrameworkCommon - no_fix;BBDown - 1.4.7;Enjoy.CacheProvider - no_fix;FanhanRPATools - no_fix;ResumeBuilder.Cli - no_fix;Aiwins.Rocket.Cli - no_fix;DK.Expressions.Shell - 4.1.10.2011081600;SharpZipLib - 1.3.3;Cocos2D-Mono.Windows - 2.3.8;Microsoft.Azure.Functions.Worker.Sdk - 1.5.0-preview1;Enjoy.EventBus.CAP.Extend - no_fix;Buildeploy.net - no_fix;Stormancer.Cpp.BuildTool - no_fix;Mni.Core.Cli - no_fix;AbpTools - no_fix;UnPak.Console - no_fix;Enjoy.AOP - no_fix;BBDownBlue - no_fix;dotnet-SlugCI - no_fix;gitmo - no_fix;Enjoy.NPOI.Extend - no_fix;dotnet-codegencs - 1.0.1;Enjoy.SignalR - no_fix;Snowflake.Tooling.Cli - 6.0.0;Dimmy - no_fix;Thaan.Extension.Selenium - 1.1.3;Jver.VerifyMicrosoftPackage - no_fix;Thaan.Extension.Archive - no_fix;WolvenKit.CLI - 1.6.0;Enjoy.EventBus.CAP.DataBase - no_fix;Nuke.MSBuildTaskSurrogate - no_fix;Refriender - no_fix;MapDownloader - no_fix;GarMel.Daf.Web.Core - no_fix;Enjoy.Resilience.Http - no_fix;TrafficGuarantee.RedisDataStorage - no_fix;Cocos2D-Mono.iOS - 2.3.9;Xposure.Lean.Launcher - no_fix;Enjoy.DBUtility - no_fix;CommunicationComponent - no_fix;Enjoy.Web - no_fix
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |