Lucene search

K
cvelistSnykCVELIST:CVE-2018-1002205
HistoryOct 03, 2022 - 4:21 p.m.

CVE-2018-1002205

2022-10-0316:21:40
CWE-22
snyk
www.cve.org
5
cve-2018-1002205
directory traversal
zip-slip
arbitrary files

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

30.2%

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a …/ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as ‘Zip-Slip’.

CNA Affected

[
  {
    "product": "DotNetZip.Semvered",
    "vendor": "DotNetZip",
    "versions": [
      {
        "lessThan": "1.11.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

30.2%