artkamote / examples

Serverless Examples – A collection of boilerplates and examples of serverless architectures built with the Serverless Framework on AWS Lambda, Microsoft Azure, Google Cloud Functions, and more.
https://www.serverless.com/examples/

CVE-2024-48510 (Critical) detected in DotNetZip-1.13.3.dll #415

Open mend-bolt-for-github[bot] opened 1 week ago

mend-bolt-for-github[bot] commented 1 week ago

CVE-2024-48510 - Critical Severity Vulnerability

Vulnerable Library - DotNetZip-1.13.3.dll

Ionic's Zip Library (.NET Standard)

Library home page: https://api.nuget.org/packages/dotnetzip.1.13.3.nupkg

Path to vulnerable library:
- /azure-node-typescript-servicebus-trigger-endpoint/node_modules/serverless-azure-functions/node_modules/azure-functions-core-tools/bin/DotNetZip.dll
- /azure-node-telegram-bot/node_modules/azure-functions-core-tools/bin/DotNetZip.dll
- /azure-node-line-bot/node_modules/azure-functions-core-tools/bin/DotNetZip.dll

Dependency Hierarchy:
- :x: **DotNetZip-1.13.3.dll** (Vulnerable Library)

Found in HEAD commit: dcbe4aefe4b3685f4b15493a01db0f19b118a0c4

Found in base branch: master

Vulnerability Details

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Publish Date: 2024-11-13

URL: CVE-2024-48510

CVSS 3 Score Details (9.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None
