
10 matches found

SUSE CVE
added 2023/02/15 4:49 a.m. | 4 views

SUSE CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

CVSS 9.8 | AI score 7.2 | EPSS 0.0347
Exploits: 0 | References: 4

Veracode
added 2019/01/15 9:26 a.m. | 26 views

Directory Traversal

rubyzip is vulnerable to directory traversal attacks. A malicious user can pass zip file containing files with the / character or a zip file with a symlink to cause a directory traversal. This is related to CVE-2017-5946...

CVSS 9.8 | AI score 9 | EPSS 0.04499
Exploits: 1 | References: 72 | Affected Software: 5

Github Security Blog
added 2018/09/06 3:27 a.m. | 34 views

Rubyzip gem contains a Directory Traversal vulnerability in zip file component

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...

CVSS 9.8 | AI score 2.8 | EPSS 0.04499
Exploits: 1 | References: 7 | Affected Software: 1

Veracode
added 2018/06/19 7:25 a.m. | 32 views

Directory Traversal

rubyzip is vulnerable to directory traversal attacks. A malicious user can pass zip file containing files with the / character or a zip file with a symlink to cause a directory traversal. This is related to CVE-2017-5946...

CVSS 9.8 | AI score 9 | EPSS 0.04499
Exploits: 1 | References: 7 | Affected Software: 1

Mageia
added 2017/08/13 1:17 p.m. | 32 views

Updated ruby-rubyzip packages fix security vulnerability

A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory CVE-2017-5946...

CVSS 9.8 | AI score 3.7 | EPSS 0.0347
Exploits: 0 | References: 2

Tenable Nessus
added 2017/08/10 12:0 a.m. | 25 views

openSUSE Security Update : rubygem-rubyzip (openSUSE-2017-900)

This update for rubygem-rubyzip fixes the following issues: CVE-2017-5946: A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory (boo#1027050)...

CVSS 9.8 | AI score 7.7 | EPSS 0.0347
Exploits: 0 | References: 2

Tenable Nessus
added 2017/03/06 12:0 a.m. | 32 views

Debian DSA-3801-1 : ruby-zip - security update

It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a ".." (dot dot) in an extracted filename...

CVSS 9.8 | AI score 7.9 | EPSS 0.0347
Exploits: 0 | References: 4

Debian
added 2017/03/04 1:59 p.m. | 21 views

[SECURITY] [DSA 3801-1] ruby-zip security update

Debian Security Advisory DSA-3801-1 | [email protected] | https://www.debian.org/security/ | Salvatore Bonaccorso | March 04, 2017 | https://www.debian.org/security/faq ...

CVSS 7.5 | AI score 2.9 | EPSS 0.0347
Exploits: 0

Debian
added 2017/03/04 1:59 p.m. | 22 views

[SECURITY] [DSA 3801-1] ruby-zip security update

Debian Security Advisory DSA-3801-1 | [email protected] | https://www.debian.org/security/ | Salvatore Bonaccorso | March 04, 2017 | https://www.debian.org/security/faq ...

CVSS 9.8 | AI score 9.4 | EPSS 0.0347
Exploits: 0

CVE
added 2017/02/27 7:25 a.m. | 112 views

CVE-2017-5946

CVE-2017-5946 – Rubyzip directory traversal vulnerability : The Zip::File component of the rubyzip gem for Ruby (pre-1.2.1) allows a ZIP archive to write files outside the target directory when a ZIP upload contains paths with "..". This enables arbitrary file writes on the filesystem if a site p...

CVSS 9.8 | AI score 9.2 | EPSS 0.0347
Exploits: 0 | References: 4 | Affected Software: 1