DotNetZip.Semverd is vulnerable to arbitrary file writing (aka) zip-slip vulnerability. The vulnerability is possible because it does not check that the relative paths in a zip file don’t go outside of the target directory.
CPE | Name | Operator | Version |
---|---|---|---|
dotnetzip | le | 1.10.1 | |
dotnetzip.android | eq | 1.10.1 | |
dotnetzip.ios | eq | 1.10.1 | |
zlib.portable | le | 1.11.0-beta1 | |
zlib.portable.signed | eq | 1.11.0-beta1 |