CVE-2018-1002205

CVE-2018-1002205

Vendor Dotnetzip
Product DotNetZip.Semvered
Weakness CWE-22 · Path traversal
Published July 25, 2018
Last update May 6, 2025

CVSS base score

What the vulnerability does

01Description

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Key dates

02Disclosure timeline

July 25, 2018 CVE published
May 6, 2025 Record updated