
High severity vulnerability that affects DotNetZip

High severity GitHub Reviewed Published Oct 16, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

DotNetZip (NuGet)

Affected versions

< 1.11.0

Patched versions

1.11.0

Description

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
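The check that blocks this class of bug, shown as an added example (not DotNetZip's code or its 1.11.0 patch): resolve each entry name against the extraction directory and reject any result that falls outside it. It uses the .NET `System.IO.Compression` API on a constructed in-memory archive; `ZipSlipCheck`, `ResolveInside` and the `zipslip-demo` directory are hypothetical names.

```csharp
using System;
using System.IO;
using System.IO.Compression;

static class ZipSlipCheck
{
    // Hypothetical helper: resolve an entry name against destDir and
    // throw if the resolved path is not inside destDir.
    public static string ResolveInside(string destDir, string entryName)
    {
        string root = Path.GetFullPath(destDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar; // so "/out" does not match "/out-evil"
        // GetFullPath collapses "../" segments; a rooted entry name replaces root entirely.
        string target = Path.GetFullPath(Path.Combine(root, entryName));
        // Ordinal comparison can only over-reject on case-insensitive file systems.
        if (!target.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidDataException("Entry escapes extraction directory: " + entryName);
        return target;
    }

    static void Main()
    {
        // Constructed sample archive: one normal entry, one "../" entry.
        var buffer = new MemoryStream();
        using (var zip = new ZipArchive(buffer, ZipArchiveMode.Create, leaveOpen: true))
        {
            foreach (var name in new[] { "docs/readme.txt", "../outside.txt" })
                using (var w = new StreamWriter(zip.CreateEntry(name).Open()))
                    w.Write("sample");
        }
        buffer.Position = 0;

        string dest = Path.Combine(Path.GetTempPath(), "zipslip-demo");
        using (var zip = new ZipArchive(buffer, ZipArchiveMode.Read))
            foreach (ZipArchiveEntry entry in zip.Entries)
            {
                try
                {
                    string target = ResolveInside(dest, entry.FullName);
                    Directory.CreateDirectory(Path.GetDirectoryName(target));
                    entry.ExtractToFile(target, overwrite: true);
                    Console.WriteLine("extracted " + entry.FullName);
                }
                catch (InvalidDataException ex)
                {
                    Console.WriteLine("rejected: " + ex.Message);
                }
            }
    }
}
```

The same path check can be applied to entry names from any archive library before extraction; upgrading to the patched version listed above remains the fix for this advisory.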

References

Published to the GitHub Advisory Database Oct 16, 2018
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

High

EPSS score

0.137%
(50th percentile)

Weaknesses

CVE ID

CVE-2018-1002205

GHSA ID

GHSA-7378-6268-4278

Source code

No known source code