CVE-2024-48510

Name of the Vulnerable Software and Affected Versions DotNetZip versions 1.16.0 and earlier ABB Drive Composer versions prior to 2.9.1

Description The issue allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. This affects products that are no longer supported by the maintainer. The problem has been reportedly exploited in real-world attacks.

Recommendations For DotNetZip versions 1.16.0 and earlier, consider disabling the ZipEntry.Extract.cs component until a patch is available. For ABB Drive Composer versions prior to 2.9.1, update to version 2.9.1 for protection.