CVE-2018-1002208

CVE-2018-1002208

Vendor Sharpziplib
Product SharpZipLib
Weakness CWE-22 · Path traversal
Published July 25, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Key dates

02Disclosure timeline

July 25, 2018 CVE published
August 5, 2024 Record updated