DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:dotnetzip.semverd_project:dotnetzip.semverd:*:*:*:*:*:*:*:*"
],
"vendor_product": "dotnetzip.semverd_project:dotnetzip.semverd",
"extracted_events": [
{
"fixed": "1.11.0"
}
],
"source": "CPE_RANGE"
},
{
"extracted_events": [
{
"introduced": "DotNetZip.Semvered"
},
{
"fixed": "1.11.0"
}
],
"source": "DESCRIPTION"
}
]
}