CVE-2024-48510: DotNetZip Directory Traversal vulnerability
A directory traversal vulnerability in DotNetZip v1.16.0 and earlier allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component.
References
- gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731
- github.com/advisories/GHSA-xhg6-9j5j-w4vf
- github.com/haf/DotNetZip.Semverd
- github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/Zip.Shared/ZipEntry.Extract.cs
- github.com/mihula/ProDotNetZip/commit/18486ad6d13742a07a6755ef6edf60d7458f1854
- github.com/mihula/ProDotNetZip/pull/21
- nvd.nist.gov/vuln/detail/CVE-2024-48510
- www.nuget.org/packages/DotNetZip