rpm package
opensuse/ruby3.2-rubygem-rubyzip&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ruby3.2-rubygem-rubyzip&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000544 | Cri | 9.8 | < 2.3.2-1.11 | 2.3.2-1.11 | Jun 26, 2018 | rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload | |
| CVE-2017-5946 | Cri | 9.8 | < 2.3.2-1.11 | 2.3.2-1.11 | Feb 27, 2017 | The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. |
- affected < 2.3.2-1.11fixed 2.3.2-1.11
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload
- affected < 2.3.2-1.11fixed 2.3.2-1.11
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.