Rubyzip Security Vulnerabilities


CVE-2019-16892

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk...

CVSS: 5.5

AI Score: 5.3

EPSS: 0.001

2019-09-25 10:15 PM

CVE-2018-1000544

The rubyzip gem, version 1.2.1 and earlier, contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file...

CVSS: 9.8

AI Score: 9.2

EPSS: 0.002

2018-06-26 04:29 PM

CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the...

CVSS: 9.8

AI Score: 9.2

EPSS: 0.004

2017-02-27 07:59 AM