High severity vulnerability that affects DotNetZip · CVE-2018-1002205 · GitHub Advisory Database · GitHub

High severity vulnerability that affects DotNetZip

High severity GitHub Reviewed Published Oct 16, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

DotNetZip (NuGet)

Affected versions

< 1.11.0

Patched versions

1.11.0

Description

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

References

Published to the GitHub Advisory Database Oct 16, 2018

Reviewed Jun 16, 2020

Last updated Jan 9, 2023