VYPR

rpm package

opensuse/rubygem-rubyzip&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rubygem-rubyzip&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2018-1000544CriJun 26, 2018
    affected < 2.3.2-1.15fixed 2.3.2-1.15

    rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload

  • CVE-2017-5946CriFeb 27, 2017
    affected < 2.3.2-1.15fixed 2.3.2-1.15

    The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.