2 matches found
rubyzip Zip::File component path traversal vulnerability
The rubyzip gem is a Ruby library for reading and writing zip files. zip::File is one of the components for unzipping files. A directory traversal vulnerability exists in the Zip::File component in rubyzip 1.2.1 and earlier versions. An attacker can exploit this vulnerability by uploading a...
PT-2018-9440
Name of the Vulnerable Software and Affected Versions rubyzip versions 1.2.1 and earlier Description The rubyzip gem contains a Directory Traversal issue in the Zip::File component, allowing an attacker to write arbitrary files to the filesystem. This can be exploited if a site allows uploading o...