Sha256: 8a87ac37c5298abf1cb8066d41724db84b1a00b0efa8d121746fdbadbbfa82fd

Contents?: true

Size: 658 Bytes

Versions: 3

Compression:

Stored size: 658 Bytes

Contents

---
gem: minitar
cve: 2016-10173
url: https://github.com/halostatue/minitar/issues/16
title: Minitar Directory Traversal Vulnerability
date: 2016-08-22
description: |
  Minitar allows attackers to overwrite arbitrary files during archive
  extraction via a .. (dot dot) in an extracted filename. Analogous
  vulnerabilities for unzip and tar:
  https://www.cvedetails.com/cve/CVE-2001-1268/ and
  http://www.cvedetails.com/cve/CVE-2001-1267/

  Credit: ecneladis
patched_versions:
  - ">= 0.6.0"
related:
  url:
    - https://github.com/halostatue/minitar/issues/16
    - https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml