GHSA-7378-6268-4278

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-7378-6268-4278/GHSA-7378-6268-4278.json
Aliases
  • CVE-2018-1002205
Published
2018-10-16T17:16:40Z
Modified
2022-08-15T08:36:32.278518Z
Details

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

References

Affected packages

NuGet / DotNetZip

DotNetZip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
1.11.0

Affected versions

1.*

1.0.0
1.10.0
1.10.1
1.9.0
1.9.0-rc1
1.9.1.8
1.9.2
1.9.2-rc1
1.9.3
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9