Sha256: 0160cc601549e9e5437dae98f7468b0592d870c41ca77a6061b78a85e27616e0

Contents?: true

Size: 516 Bytes

Versions: 3

Compression:

Stored size: 516 Bytes

Contents

---
gem: archive-tar-minitar
cve: 2016-10173
url: https://github.com/atoulme/minitar/issues/5
title: Archive-Tar-Minitar Directory Traversal Vulnerability
date: 2016-08-22
description: |
  Minitar allows attackers to overwrite arbitrary files during archive
  extraction via a .. (dot dot) in an extracted filename. Analogous
  vulnerabilities for unzip and tar:
  https://www.cvedetails.com/cve/CVE-2001-1268/ and
  http://www.cvedetails.com/cve/CVE-2001-1267/

  Credit: ecneladis
patched_versions:
  - ">= 0.6.0"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml