10 matches found
SUSE CVE-2017-5946
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...
Directory Traversal
rubyzip is vulnerable to directory traversal attacks. A malicious user can pass a zip file containing files with the / character, or a zip file with a symlink, to cause a directory traversal. This is related to CVE-2017-5946...
Rubyzip gem contains a Directory Traversal vulnerability in zip file component
rubyzip gem version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file...
Directory Traversal
rubyzip is vulnerable to directory traversal attacks. A malicious user can pass a zip file containing files with the / character, or a zip file with a symlink, to cause a directory traversal. This is related to CVE-2017-5946...
Updated ruby-rubyzip packages fix security vulnerability
A directory traversal vulnerability could lead to accessing and overwriting files that are outside of the restricted directory (CVE-2017-5946)...
openSUSE Security Update : rubygem-rubyzip (openSUSE-2017-900)
This update for rubygem-rubyzip fixes the following issues: CVE-2017-5946: A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory boo1027050...
Debian DSA-3801-1 : ruby-zip - security update
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a ".." (dot dot) in an extracted filename...
[SECURITY] [DSA 3801-1] ruby-zip security update
Debian Security Advisory DSA-3801-1 https://www.debian.org/security/ Salvatore Bonaccorso March 04, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3801-1] ruby-zip security update
Debian Security Advisory DSA-3801-1 https://www.debian.org/security/ Salvatore Bonaccorso March 04, 2017 https://www.debian.org/security/faq -...
CVE-2017-5946
CVE-2017-5946 – Rubyzip directory traversal vulnerability : The Zip::File component of the rubyzip gem for Ruby (pre-1.2.1) allows a ZIP archive to write files outside the target directory when a ZIP upload contains paths with "..". This enables arbitrary file writes on the filesystem if a site p...