Directory Traversal Affecting mono package, versions *
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Integrity
High
Threat Intelligence
EPSS
0.15% (52nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN8-MONO-301623
- published 25 Jul 2018
- disclosed 25 Jul 2018
Introduced: 25 Jul 2018
CVE-2018-1002208 Open this link in a new tabHow to fix?
There is no fixed version for Debian:8
mono
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream mono
package and not the mono
package as distributed by Debian
.
See How to fix?
for Debian:8
relevant fixed versions and status.
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
References
- https://security-tracker.debian.org/tracker/CVE-2018-1002208
- https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0
- https://github.com/icsharpcode/SharpZipLib/issues/232
- https://security.snyk.io/research/zip-slip-vulnerability
- https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247
- https://github.com/snyk/zip-slip-vulnerability
- https://snyk.io/research/zip-slip-vulnerability