Publish GHSA-7378-6268-4278

Author: advisory-database[bot]

advisories/github-reviewed/2018/10/GHSA-7378-6268-4278/GHSA-7378-6268-4278.json

@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7378-6268-4278",
-  "modified": "2020-06-16T21:21:07Z",
+  "modified": "2025-05-06T17:56:09Z",
   "published": "2018-10-16T17:16:40Z",
   "aliases": [
     "CVE-2018-1002205"
   ],
-  "summary": "High severity vulnerability that affects DotNetZip",
+  "summary": "DotNetZip Zip-Slip Vulnerability",
   "details": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -43,10 +48,6 @@
       "type": "WEB",
       "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
     },
-    {
-      "type": "ADVISORY",
-      "url": "https://github.com/advisories/GHSA-7378-6268-4278"
-    },
     {
       "type": "WEB",
       "url": "https://github.com/snyk/zip-slip-vulnerability"
@@ -64,9 +65,9 @@
     "cwe_ids": [
       "CWE-22"
     ],
-    "severity": "HIGH",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2020-06-16T21:21:07Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2018-07-25T17:29:01Z"
   }
 }