CVE-2018-1002205

Published July 25th, 2018

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECTS

Description

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

snyk/zip-slip-vulnerability

Zip Slip Vulnerability (Arbitrary file write through archive extraction)

GitHub

840

haf/DotNetZip.Semverd

Please use System.IO.Compression! A fork of the DotNetZip project without signing with a solution that compiles cleanly. This project aims to follow semver to avoid versioning conflicts. DotNetZip is a FAST, FREE class library and toolset for manipulating zip files. Use VB, C# or any .NET language to easily create, extract, or update zip files.

GitHub

547