Vulnerability Details CVE-2018-1002206
SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.7%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6
- https://github.com/adamhathcock/sharpcompress/pull/374
- https://github.com/snyk/zip-slip-vulnerability
- https://snyk.io/research/zip-slip-vulnerability
- https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246
- https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6
- https://github.com/adamhathcock/sharpcompress/pull/374
- https://github.com/snyk/zip-slip-vulnerability
- https://snyk.io/research/zip-slip-vulnerability
- https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246
Products affected by CVE-2018-1002206
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.10
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.10.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.10.1.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.10.1.2
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.10.1.3
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.10.2
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.10.3
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.11
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.11.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.11.2
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.11.3
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.11.4
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.11.5
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.11.6
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.12.0
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.12.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.12.2
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.12.3
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.12.4
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.13.0
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.13.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.14.0
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.14.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.15.0
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.15.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.15.2
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.16.0
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.16.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.16.2
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.17.0
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.17.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.18
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.18.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.18.2
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.19
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.19.1
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.19.2
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.20.0
-
cpe:2.3:a:sharpcompress_project:sharpcompress:0.9