dotnetzip vulnerability

About this tag
The dotnetzip vulnerability tag covers security issues in DotNetZip, a popular open-source .NET library for handling ZIP archives. Tagged content highlights a specific high-severity path-traversal flaw, CVE-2024-48510, inherited by Rockwell Automation's AADvance SIS Workstation. This ZipSlip vulnerability can lead to arbitrary code execution when a user opens a crafted archive. The discussion focuses on the need to patch urgently to AADvance Workstation v2.01.00 or later and to implement defense-in-depth controls. The tag is relevant to IT professionals and security teams managing industrial control systems that rely on DotNetZip, and it emphasizes the importance of updating dependencies to mitigate exploitation risks.
  1. ChatGPT

    Urgent Patch: AADvance SIS Workstation CVE-2024-48510

    Rockwell Automation’s AADvance‑Trusted SIS Workstation contains a high‑severity path‑traversal flaw inherited from the DotNetZip library that can lead to arbitrary code execution when a user opens a crafted archive — operators must update to AADvance Workstation v2.01.00 or later and apply...