haf/DotNetZip.Semverd

GitHub

github.com

Releases3

Frequency3 months 1 week

Last Release almost 12 years ago

Stars547

Please use System.IO.Compression! A fork of the DotNetZip project without signing with a solution that compiles cleanly. This project aims to follow semver to avoid versioning conflicts. DotNetZip is a FAST, FREE class library and toolset for manipulating zip files. Use VB, C# or any .NET language to easily create, extract, or update zip files.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-48510 ↗	Nov 13, 2024Wednesday, 13 November 2024, 15:15	9.8 CRITICAL	—
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2018-1002205 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	5.5 MEDIUM	4.3 MEDIUM
DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.