High severityNVD Advisory· Published Nov 13, 2024· Updated Nov 21, 2024
CVE-2024-48510
CVE-2024-48510
Description
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DotNetZipNuGet | >= 1.10.1, <= 1.16.0 | — |
ProDotNetZipNuGet | < 1.19.0 | 1.19.0 |
Affected products
3- ghsa-coords2 versions
>= 1.10.1, <= 1.16.0+ 1 more
- (no CPE)range: >= 1.10.1, <= 1.16.0
- (no CPE)range: < 1.19.0
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-xhg6-9j5j-w4vfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-48510ghsaADVISORY
- gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731ghsaWEB
- github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/Zip.Shared/ZipEntry.Extract.csghsaWEB
- github.com/mihula/ProDotNetZip/commit/18486ad6d13742a07a6755ef6edf60d7458f1854ghsaWEB
- github.com/mihula/ProDotNetZip/pull/21ghsaWEB
- www.nuget.org/packages/DotNetZipghsaWEB
- www.nuget.org/packages/DotNetZip/mitre
News mentions
0No linked articles in our index yet.