Sha256: 71c63e6f2b36d17d7022c9e8e4c27d3a5aeab617cd0e327f13c2e27be6dc3380
Contents?: true
Size: 516 Bytes
Versions: 2
Compression:
Stored size: 516 Bytes
Contents
--- gem: archive-tar-minitar cve: 2016-10173 url: https://github.com/atoulme/minitar/issues/5 title: Archive-Tar-Minitar Directory Traversal Vulnerability date: 2016-08-22 description: | Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis patched_versions: - ">= 0.6.1"
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.6.1 | data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml |
| bundler-audit-0.6.0 | data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml |