DotNetZip Directory Traversal vulnerability

GHSA-xhg6-9j5j-w4vf · CVE-2024-48510

Published Nov 13, 2024 · Modified Nov 25, 2024

Description

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-48510
WEB https://github.com/mihula/ProDotNetZip/pull/21
WEB https://github.com/mihula/ProDotNetZip/commit/18486ad6d13742a07a6755ef6edf60d7458f1854
WEB https://gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731
PACKAGE https://github.com/haf/DotNetZip.Semverd
WEB https://github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/Zip.Shared/ZipEntry.Extract.cs#L1365-L1410
WEB https://www.nuget.org/packages/DotNetZip

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes