PT-2022-10095 · Unknown · Sharpziplib

Jarlob +1 · Published 2022-01-26 · Updated 2022-02-07 · CVE-2021-32841

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SharpZipLib versions 1.3.0 through 1.3.2

Description

The issue affects SharpZipLib, a library for handling Zip, GZip, Tar, and BZip2 files. It arises from the lack of enforcement that the destination directory path ends with a slash, allowing for the creation of files with names that start with the destination directory path under specific conditions. The impact of this issue is limited due to file name and destination directory constraints, and it varies depending on the use case.

Recommendations

For versions 1.3.0 through 1.3.2, update to version 1.3.3, which contains a patch for this issue. As a temporary workaround, consider ensuring that the destDir path always ends with a slash to prevent unintended file creation.
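
The check the description and the workaround refer to, as an added example that is not SharpZipLib's own code: a containment test that compares path prefixes, once against destDir as given and once with the trailing separator enforced. The class name, the method names IsInsideWeak and IsInsideStrict, and the sample entry names are assumptions made for illustration; only System.IO is used.

```csharp
using System;
using System.IO;

static class ExtractionPathCheck
{
    // Weak form: plain string-prefix comparison against destDir as supplied.
    // A sibling directory whose name merely begins with destDir's name
    // still passes, because nothing marks where the directory name ends.
    public static bool IsInsideWeak(string destDir, string entryName)
    {
        string root = Path.GetFullPath(destDir);
        string target = Path.GetFullPath(Path.Combine(root, entryName));
        return target.StartsWith(root, StringComparison.Ordinal);
    }

    // Hardened form: make sure the root ends with a directory separator
    // before comparing, so the prefix match can only succeed on a real
    // directory boundary.
    public static bool IsInsideStrict(string destDir, string entryName)
    {
        string root = Path.GetFullPath(destDir);
        string sep = Path.DirectorySeparatorChar.ToString();
        if (!root.EndsWith(sep, StringComparison.Ordinal))
            root += sep;
        string target = Path.GetFullPath(Path.Combine(root, entryName));
        return target.StartsWith(root, StringComparison.Ordinal);
    }

    static void Main()
    {
        // Constructed sample values: destDir deliberately has no trailing slash.
        string destDir = Path.Combine(Path.GetTempPath(), "out");
        string[] entries =
        {
            "docs/readme.txt",          // ordinary entry below destDir
            "../out-other/readme.txt",  // sibling directory sharing the "out" prefix
            "../elsewhere/readme.txt"   // sibling directory without the prefix
        };

        foreach (string e in entries)
            Console.WriteLine($"{e,-26} weak={IsInsideWeak(destDir, e)} strict={IsInsideStrict(destDir, e)}");
    }
}
```

The two checks disagree only on the entry that resolves to a sibling directory sharing destDir's name as a prefix, which is the constraint the description mentions when it says the impact is limited by file name and destination directory.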

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-32841
GHSA-2X7H-96H5-RQ84

Affected Products

Sharpziplib