ICSharpCode · SharpZipLib · CVE-2018-1002208
Name of the Vulnerable Software and Affected Versions:
SharpZipLib versions prior to 1.0 RC1
Description:
The issue allows attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction, also known as 'Zip-Slip'.
Recommendations:
Update to version 1.0 RC1 or later to resolve the issue. As a temporary workaround for versions prior to 1.0 RC1, validate and sanitize Zip archive entry names before extraction to prevent directory traversal. Restrict access to sensitive files and directories to minimize the risk of exploitation.
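
The entry validation mentioned as a workaround can be done by resolving each entry's destination path and refusing any that falls outside the extraction directory. The following is an added example, not SharpZipLib's own code or its fix; the `SafeExtract` class, the `ResolveInside` helper and the sample entry names are assumptions made for illustration.

```csharp
using System;
using System.IO;
using ICSharpCode.SharpZipLib.Zip;

// Added example (hypothetical helper class, not part of SharpZipLib).
public static class SafeExtract
{
    // Returns the full destination path for an entry name, or throws if the
    // name would resolve outside destDir.
    public static string ResolveInside(string destDir, string entryName)
    {
        string root = Path.GetFullPath(destDir);
        string sep = Path.DirectorySeparatorChar.ToString();
        // The trailing separator stops "out-evil" from passing as inside "out".
        if (!root.EndsWith(sep, StringComparison.Ordinal)) root += sep;

        // GetFullPath collapses "." and ".." segments. A rooted entry name makes
        // Path.Combine drop the root entirely; the prefix test rejects that too.
        string target = Path.GetFullPath(Path.Combine(root, entryName));
        if (!target.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidDataException("Entry escapes extraction directory: " + entryName);
        return target;
    }

    // Extracts file entries only, validating every name before any write.
    public static void Extract(string zipPath, string destDir)
    {
        using (var zf = new ZipFile(zipPath))
        {
            foreach (ZipEntry entry in zf)
            {
                if (!entry.IsFile) continue;
                string target = ResolveInside(destDir, entry.Name);
                Directory.CreateDirectory(Path.GetDirectoryName(target));
                using (Stream input = zf.GetInputStream(entry))
                using (FileStream output = File.Create(target))
                    input.CopyTo(output);
            }
        }
    }

    public static void Main()
    {
        // Constructed entry names: the first is accepted, the other two are rejected.
        foreach (string name in new[] { "docs/readme.txt", "../outside.txt", "a/../../outside.txt" })
        {
            try { Console.WriteLine("ok:       " + ResolveInside("out", name)); }
            catch (InvalidDataException e) { Console.WriteLine("rejected: " + e.Message); }
        }
    }
}
```

The check covers path traversal in entry names only; it does not follow or inspect symbolic links that already exist under the destination directory.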