QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1002205

Published: Jul 25, 2018

Modified: May 6, 2025

PUBLISHED

Description

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Vendor	Product	Versions
DotNetZip	DotNetZip.Semvered	affected `unspecified - < 1.11.0`

Weaknesses (CWE)

References

https://snyk.io/research/zip-slip-vulnerability

x_refsource_MISC

https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366

x_refsource_CONFIRM

https://github.com/snyk/zip-slip-vulnerability

x_refsource_MISC

https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245

x_refsource_MISC

https://github.com/haf/DotNetZip.Semverd/pull/121

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.