CVE-2021-32840

Name of the Vulnerable Software and Affected Versions SharpZipLib versions prior to 1.3.3

Description The issue affects SharpZipLib, a library for handling Zip, GZip, Tar, and BZip2 files. In versions prior to 1.3.3, a TAR file entry such as ../evil.txt may be extracted to the parent directory of the destination folder, potentially leading to arbitrary file write and code execution.

Recommendations For versions prior to 1.3.3, update to version 1.3.3 to resolve the issue. As a temporary workaround, consider restricting the extraction of TAR files to prevent writing to parent directories until the update is applied.