CVE-2018-1000544

2018-06-27T09:18:55
ID RH:CVE-2018-1000544
Type redhatcve
Reporter redhat.com
Modified 2020-12-03T11:36:13

Description

A directory and symbolic link traversal flaw was found in the way rubyzip gem extracts zip files. An attacker, with access to a privileged application capable of extracting zip files, could use this flaw to write new files to arbitrary paths, accessible by the aforementioned privileged application.