2 matches found
CVE-2018-1002205
CVE-2018-1002205 affects DotNetZip.Semvered before 1.11.0. It is a Zip-Slip directory traversal vulnerability where a crafted archive entry containing ../ can be mishandled during extraction, enabling writing to arbitrary files on the target system. Root cause is improper handling of pathnames du...
CVE-2024-48510
The CVE-2024-48510 is a directory traversal vulnerability in DotNetZip v1.16.0 and earlier that may allow remote code execution via the ZipEntry.Extract.cs component. Multiple connected advisories confirm the affected library is used in various products (e.g., IBM Robotic Process Automation, Siem...