23 matches found
CVE-2018-1002205
CVE-2018-1002205 affects DotNetZip.Semvered before 1.11.0. It is a Zip-Slip directory traversal vulnerability where a crafted archive entry containing ../ can be mishandled during extraction, enabling writing to arbitrary files on the target system. Root cause is improper handling of pathnames du...
PT-2018-9625 · Hewlett Packard · Dotnetzip
Name of the Vulnerable Software and Affected Versions: DotNetZip.Semvered versions prior to 1.11.0 Description: The issue allows attackers to perform directory traversal, enabling them to write to arbitrary files. This is achieved by including a ../ dot dot slash in a Zip archive entry, which is...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview dotnetzip is a class library and toolset for manipulating zip files. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, ...