Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DotNetZip Directory Traversal security vulnerability #6

Open
ShaunKrog opened this issue Dec 4, 2024 · 0 comments
Open

DotNetZip Directory Traversal security vulnerability #6

ShaunKrog opened this issue Dec 4, 2024 · 0 comments
Assignees
@ShaunKrog
Labels
security vulnerability Report a security vulnerability technical issue A change that the users will not notice
Milestone
3.1.0

Comments

@ShaunKrog
Copy link
Contributor

Describe the issue
As per advisory, https://github.com/advisories/GHSA-xhg6-9j5j-w4vfm, high severity vulnerability. Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component.

Describe the improvement you'd like
Upgrade to newest version of Dotnet Zip compliant with Dotnet 6.0
@ShaunKrog ShaunKrog self-assigned this Dec 4, 2024
@ShaunKrog ShaunKrog added technical issue A change that the users will not notice security vulnerability Report a security vulnerability labels Dec 4, 2024
@ShaunKrog ShaunKrog added this to the 3.1.0 milestone Dec 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ShaunKrog ShaunKrog

Labels
security vulnerability Report a security vulnerability technical issue A change that the users will not notice
Projects
None yet
Milestone
3.1.0
Development

No branches or pull requests
1 participant
@ShaunKrog