Sha256: 789492fbc8abd1548baf93d7fb57552f651c64c7274460c7b2900d477ee6acaa
Contents?: true
Size: 496 Bytes
Versions: 2
Compression:
Stored size: 496 Bytes
Contents
--- gem: minitar cve: 2016-10173 url: https://github.com/halostatue/minitar/issues/16 title: Minitar Directory Traversal Vulnerability date: 2016-08-22 description: | Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis patched_versions: - ">= 0.6.1"
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
bundler-audit-0.6.1 | data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml |
bundler-audit-0.6.0 | data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml |