CVE-2024-48510
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-48510
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48510.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-48510
- Aliases
- Published
- 2024-11-13T15:15:07Z
- Modified
- 2025-05-21T02:59:32.141444Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- References
-
- https://gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731
- https://github.com/haf/DotNetZip.Semverd
- https://github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/Zip.Shared/ZipEntry.Extract.cs#L1365-L1410
- https://www.nuget.org/packages/DotNetZip/