High severity vulnerability that affects DotNetZip

🗓️ 16 Oct 2018 17:40:16Reported by GitHub Advisory DatabaseType

High severity vulnerability in DotNetZip.Semvered before 1.11.0 allowing directory traversal and arbitrary file write via Zip archive entry mishandling during extraction

Reporter	Title	Published	Views	Family All 12
OSV	CVE-2018-1002205	25 Jul 201817:29	–	osv
OSV	High severity vulnerability that affects DotNetZip	16 Oct 201817:16	–	osv
Prion	Directory traversal	25 Jul 201817:29	–	prion
Cvelist	CVE-2018-1002205	25 Jul 201817:00	–	cvelist
Veracode	Arbitrary File Writing	9 Jul 201803:34	–	veracode
CVE	CVE-2018-1002205	25 Jul 201817:29	–	cve
ICS	Omron Engineering Software Zip-Slip	19 Sep 202306:00	–	ics
NVD	CVE-2018-1002205	25 Jul 201817:29	–	nvd
Veeam	Zip Slip Vulnerability	6 Jun 201800:00	–	veeam
F5 Networks	K64709522 : Multiple Zip Slip vulnerabilities	3 Aug 201800:00	–	f5

Vulners

Node

dotnetzipRange<1.11.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-1002205
github	www.github.com/haf/DotNetZip.Semverd/pull/121
github	www.github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366
github	www.github.com/advisories/GHSA-7378-6268-4278
github	www.github.com/snyk/zip-slip-vulnerability
snyk	www.snyk.io/research/zip-slip-vulnerability
snyk	www.snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Oct 2018 17:16Current

4.9Medium risk

Vulners AI Score4.9

CVSS24.3

CVSS35.5

EPSS0.01525

CWE-22