CVE-2024-48510

CVSS 9.1 CRITICALEPSS 2.1%CWE-22

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.1EPSS 2.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

13 Nov 2024Published on NVD

19 Mar 2026Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

n/a · n/a

public PoCs found — 1

githubgithub.com/havertz2110/CVE-2024-48510-PoC★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731 https://github.com/haf/DotNetZip.Semverd https://github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/Zip.Shared/ZipEntry.Extract.cs#L1365-L1410 https://www.nuget.org/packages/DotNetZip/