From 8015b3a18322f1e01b4ed1900c2ea61fe2dc31c1 Mon Sep 17 00:00:00 2001
From: "Marco N."
Date: Sat, 23 Nov 2024 10:54:30 +0100
Subject: [PATCH] Improve GHSA-xhg6-9j5j-w4vf
---
 .../GHSA-xhg6-9j5j-w4vf/GHSA-xhg6-9j5j-w4vf.json | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/advisories/github-reviewed/2024/11/GHSA-xhg6-9j5j-w4vf/GHSA-xhg6-9j5j-w4vf.json b/advisories/github-reviewed/2024/11/GHSA-xhg6-9j5j-w4vf/GHSA-xhg6-9j5j-w4vf.json
index 65eac755e61eb..cad95d546ce2f 100644
--- a/advisories/github-reviewed/2024/11/GHSA-xhg6-9j5j-w4vf/GHSA-xhg6-9j5j-w4vf.json
+++ b/advisories/github-reviewed/2024/11/GHSA-xhg6-9j5j-w4vf/GHSA-xhg6-9j5j-w4vf.json
@@ -1,18 +1,14 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-xhg6-9j5j-w4vf",
- "modified": "2024-11-18T23:41:14Z",
+ "modified": "2024-11-18T23:41:15Z",
 "published": "2024-11-13T15:31:37Z",
 "aliases": [
 "CVE-2024-48510"
 ],
 "summary": "DotNetZip Directory Traversal vulnerability",
- "details": "Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component",
+ "details": "Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component\n\n**Notice**: ProDotNetZip provides compatibility with existing code and can be used as a drop-in replacement for DotNetZip. The vulnerability in DotNetZip has been fixed in ProDotNetZip as of version 1.19.0.",
 "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
- },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
@@ -51,11 +47,14 @@
 "introduced": "0"
 },
 {
- "last_affected": "1.18.0"
+ "fixed": "1.19.0"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 1.18.0"
+ }
 }
 ],
 "references": [
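Review bot: The first hunk deletes the `CVSS_V3` entry (`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`) and leaves only the `CVSS_V4` vector, which uses `AV:L`, while the `details` text on the new side still says "remote attacker"; the commit message gives no rationale for the removal. Consumers that read only CVSS v3 would see no severity for this advisory, so I would keep the v3 object unless it is known to be wrong, and record the reason in the commit description if it is. The notice added to `details` also directs readers to a differently named package, ProDotNetZip; whether the `references` array (outside this hunk) backs that relationship is not visible here, and a supporting reference would let readers check provenance before swapping a dependency.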
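Review bot: `"fixed": "1.19.0"` in the second hunk marks 1.19.0 of this range's package as the patched release, but the notice added to `details` says the fix shipped in ProDotNetZip 1.19.0, which is a different package. The package name for this `affected` entry sits above the hunk; if it is DotNetZip, dependency tooling would recommend upgrading to a DotNetZip version this page gives no evidence of, and would treat any version at or above 1.19.0 as unaffected. I would keep `"last_affected": "1.18.0"` on the DotNetZip range and leave the replacement recommendation in `details`. If a `fixed` event stays, the added `"last_known_affected_version_range": "<= 1.18.0"` looks redundant with it and should be checked against the schema's intended use.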