PT-2018-9440

Name of the Vulnerable Software and Affected Versions rubyzip versions 1.2.1 and earlier Description The rubyzip gem contains a Directory Traversal issue in the Zip::File component, allowing an attacker to write arbitrary files to the filesystem. This can be exploited if a site allows uploading o...

Directory Traversal

rubyzip is vulnerable to directory traversal attacks. A malicious user can pass zip file containing files with the / character or a zip file with a symlink to cause a directory traversal. This is related to CVE-2017-5946...

Directory Traversal in rubyzip

rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. If a site allows uploading of .zip files, an attacker can upload a malicious file which contains symlinks or files with absolute...

Path Traversal

rubyzip is vulnerable to a path traversal vulnerability. Through the use of ..\ in file names within a zip folder, attackers can traverse folders outside of the intended directory on a Windows based system...

Directory traversal vulnerability in RubyZip

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ../ pathname substrings to write arbitrary files to the filesystem...

GHSA-GCQQ-W6GR-H9J9 Directory traversal vulnerability in RubyZip

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ../ pathname substrings to write arbitrary files to the filesystem...

Updated ruby-rubyzip packages fix security vulnerability

A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory CVE-2017-5946...

openSUSE Security Update : rubygem-rubyzip (openSUSE-2017-900)

This update for rubygem-rubyzip fixes the following issues : - CVE-2017-5946: A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory boo1027050 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

rubyzip gem Zip::File component directory traversal vulnerability

The rubyzip gem is a Ruby library for reading and writing zip files. A directory traversal vulnerability exists in the Zip::File component of the rubyzip gem. An attacker can exploit the vulnerability by uploading a malicious file to write an arbitrary file to the file system...

Directory traversal

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

DEBIAN-CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

UBUNTU-CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...

PT-2017-16779

Name of the Vulnerable Software and Affected Versions rubyzip gem versions prior to 1.2.1 Description The Zip::File component in the rubyzip gem has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ../ pathname...

Directory traversal vulnerability in rubyzip

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...