High severity7.5NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-1000026

Description

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
mixlib-archiveRubyGems	< 0.4.0	0.4.0

Affected products

Progress (organisation)/Mixlib Archive
cpe:2.3:a:progress:mixlib-archive:*:*:*:*:*:*:*:*
Range: <=0.3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-98wx-cw86-c97xghsaADVISORY
github.com/chef/mixlib-archive/blob/master/CHANGELOG.mdnvdRelease NotesThird Party AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2017-1000026ghsaADVISORY
github.com/chef/mixlib-archive/pull/6ghsaWEB
github.com/rubysec/ruby-advisory-db/blob/master/gems/mixlib-archive/CVE-2017-1000026.ymlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000