EPSS
Percentile
50.1%
microsoft.netcore.app (System.IO.Compression.ZipFile) is vulnerable to arbitrary file writes and directory creation. The vulnerability can be triggered because it does not properly validate the trailing separator for nested paths.
github.com/dotnet/corefx/commit/dabb4f5dc837550dc6835a7be9a6db8b8fd5fdc7
github.com/dotnet/corefx/pull/33562
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416