Uploaded image for project: 'Sourcetree for Windows'
  1. Sourcetree for Windows
  2. SRCTREEWIN-13846

CVE-2018-1002206 (SharpCompress.dll)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Low
    • Resolution: Fixed
    • 3.4.8
    • 3.4.9
    • General
    • None
    • Severity 3 - Minor

    Description

      What is Atlassians rating for this vulnerability ?

      • SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
      • C:\Program Files (x86)\Atlassian\Sourcetree\SharpCompress.dll [0.17.1.0]

      Attachments

        Activity

          People

            Unassigned Unassigned
            a7131179b31a Thomas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: