Sha256: 3e754cfd462aa3f3ac15940d3e0275d70cc9777062e530f3d56617d2e10e1d74

Contents?: true

Size: 504 Bytes

Versions: 3

Compression:

Stored size: 504 Bytes

Contents

---
gem: rubyzip
cve: 2017-5946
url: https://github.com/rubyzip/rubyzip/issues/315
title: Directory traversal vulnerability in rubyzip
date: 2017-02-27
description: |
  The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a
  directory traversal vulnerability. If a site allows uploading of .zip files,
  an attacker can upload a malicious file that uses "../" pathname substrings to
  write arbitrary files to the filesystem.

cvss_v2: 7.5
cvss_v3: 9.8

patched_versions:
  - ">= 1.2.1"

Version data entries

3 entries across 3 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/rubyzip/CVE-2017-5946.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/rubyzip/CVE-2017-5946.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/rubyzip/CVE-2017-5946.yml