GSA_kwCzR0hTQS00cWY1LTd4YzItd3FwZ84AAjqw

High EPSS: 0.00747% (0.71814 Percentile) EPSS:

Permalink JSON

DNN Path Traversal via Zip Slip

Affected Packages	Affected Versions	Fixed Versions
nuget:DotNetNuke.Core	< 9.5.0	9.5.0
14 Dependent packages 0 Dependent repositories 738,686 Downloads total Affected Version Ranges All affected versions 6.0.0, 7.0.0, 7.1.0, 7.1.2, 9.3.0, 9.3.1, 9.3.2, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4 All unaffected versions 9.5.0, 9.6.1, 9.6.2, 9.7.0, 9.7.1, 9.7.2, 9.8.0, 9.9.0, 9.9.1, 9.10.0, 9.10.1, 9.10.2, 9.11.0, 9.11.1, 9.11.2, 9.12.0, 9.13.0, 9.13.1, 9.13.2, 9.13.3, 9.13.4, 9.13.5, 9.13.6, 9.13.7, 9.13.8, 9.13.9, 10.0.0, 10.0.1

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal via unsafe handling of zip files

References:

Identifiers

GHSA-4qf5-7xc2-wqpg

CVE-2020-5187

Risk

Severity

High

EPSS

EPSS Percentage: 0.00747

EPSS Percentile: 0.71814

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/dnnsoftware/Dnn.Platform

Date and time

Published

about 3 years ago

Updated

about 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories