Sha256: 62603e98adac2d890aff3e24ade478758b5c5b5c4ecba1e30157aab663f7e994

Contents?: true

Size: 426 Bytes

Versions: 1

Compression:

Stored size: 426 Bytes

Contents

---
gem: rubyzip
cve: 2019-16892
url: https://github.com/rubyzip/rubyzip/pull/403
date: 2019-09-12
title: Denial of Service in rubyzip ("zip bombs")
description: |
  In Rubyzip before 1.3.0, a crafted ZIP file can bypass application
  checks on ZIP entry sizes because data about the uncompressed size
  can be spoofed. This allows attackers to cause a denial of service
  (disk consumption).
patched_versions:
  - ">= 1.3.0"

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/rubyzip/CVE-2019-16892.yml