CVE-2018-1002206

CVE-2018-1002206

Vendor Sharpcompress
Product SharpCompress
Weakness CWE-22 · Path traversal
Published July 25, 2018
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Key dates

02Disclosure timeline

July 25, 2018 CVE published
September 17, 2024 Record updated