What is GHSA-fxh6-w476-hgr4?

GHSA-fxh6-w476-hgr4 is a security advisory published by GitHub Security Advisories with Medium severity. Directory Traversal in SharpCompress

Which CVE IDs does GHSA-fxh6-w476-hgr4 cover?

GHSA-fxh6-w476-hgr4 covers the following CVE IDs: CVE-2018-1002206. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-fxh6-w476-hgr4?

GHSA-fxh6-w476-hgr4 has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

Which products are affected by GHSA-fxh6-w476-hgr4?

GHSA-fxh6-w476-hgr4 affects 1 product, including: nuget/sharpcompress:\u003c 0.21.0.

GHSA-fxh6-w476-hgr4MediumCVSS 5.5

Directory Traversal in SharpCompress

Vendor

GitHub Security Advisories

Published

September 11, 2019

Last Modified

June 9, 2026

🔗 CVE IDs covered (1)

CVE-2018-1002206 →

📋 Description

SharpCompress prior to version 0.21 is vulnerable to path traversal issue in archive extraction.

🎯 Affected products1

nuget/sharpcompress:< 0.21.0

🔗 References (8)

https://github.com/adamhathcock/sharpcompress/commit/80ceb1c375fdb1b4ffba16528c99089e804ce61f
https://nvd.nist.gov/vuln/detail/CVE-2018-1002206
https://github.com/adamhathcock/sharpcompress/pull/374
https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6
https://github.com/snyk/zip-slip-vulnerability
https://snyk.io/research/zip-slip-vulnerability
https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246
https://github.com/advisories/GHSA-fxh6-w476-hgr4