Sha256: 62745c0dd056440f884060dd2241b53882b416f29359e6d57b1f6e08afe3c106

Contents?: true

Size: 656 Bytes

Versions: 3

Compression:

Stored size: 656 Bytes

Contents

---
gem: rubyzip
date: 2018-06-14
url: https://github.com/rubyzip/rubyzip/issues/369
cve: 2018-1000544
title: Directory Traversal in rubyzip
description: |
  rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability
  in Zip::File component that can result in write arbitrary files to the filesystem.
  If a site allows uploading of .zip files, an attacker can upload a malicious file
  which contains symlinks or files with absolute pathnames "../" to write arbitrary
  files to the filesystem.
patched_versions:
  - ">= 1.2.2"
related:
  cve:
    - 2017-5946
  url:
    - https://security-tracker.debian.org/tracker/CVE-2018-1000544

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/rubyzip/CVE-2018-1000544.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/rubyzip/CVE-2018-1000544.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/rubyzip/CVE-2018-1000544.yml