Directory Traversal

Affecting mono package, versions *


Overview

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
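The destination check that prevents this class of bug, as an added example (not SharpZipLib's or Mono's own code): it uses only `System.IO`, and the names `SafeExtract`, `ResolveEntryPath` and the sample entry names are hypothetical and constructed for illustration.

```csharp
using System;
using System.IO;

static class SafeExtract
{
    // Returns the absolute path an entry may be written to, or throws if the
    // entry name would resolve outside destinationDir.
    public static string ResolveEntryPath(string destinationDir, string entryName)
    {
        // Canonical root with a trailing separator, so that a sibling such as
        // "unzip-out-evil" is not accepted as being inside "unzip-out".
        string root = Path.GetFullPath(destinationDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // Zip entry names use '/'; treat '\' as a separator too, so the result
        // does not depend on the platform the archive is opened on.
        string relative = entryName.Replace('\\', '/')
                                   .Replace('/', Path.DirectorySeparatorChar);

        // Path.Combine drops root when relative is rooted, and GetFullPath
        // collapses ".." segments; both cases are caught by the prefix check.
        string target = Path.GetFullPath(Path.Combine(root, relative));

        if (!target.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidDataException("Entry escapes extraction directory: " + entryName);
        return target;
    }

    static void Main()
    {
        string dest = Path.Combine(Path.GetTempPath(), "unzip-out");
        // Constructed entry names, not taken from a real archive.
        string[] names = {
            "docs/readme.txt", "../outside.txt", "docs/../../outside.txt",
            "..\\outside.txt", "/etc/outside.txt", "../unzip-out-evil/x.txt"
        };
        foreach (string name in names)
        {
            try { Console.WriteLine("OK      " + name + " -> " + ResolveEntryPath(dest, name)); }
            catch (InvalidDataException e) { Console.WriteLine("BLOCKED " + e.Message); }
        }
    }
}
```

Only the first constructed name resolves inside the extraction directory; the check runs on every entry before any file is opened for writing.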

CVSS Score

5.5 (medium severity)

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: High
  • Availability: None

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVE: CVE-2018-1002208
CWE: CWE-22
Snyk ID: SNYK-DEBIAN9-MONO-301624
Disclosed: 25 Jul, 2018
Published: 25 Jul, 2018