4 matches found
OESA-2024-1398 rubygem-tzinfo security update
TZInfo provides daylight savings aware transformations between times in different time zones. Security Fixes: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when use...
rubygem-tzinfo: arbitrary code execution
A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...
rubygem-tzinfo: arbitrary code execution
A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...
TZInfo 安全漏洞
TZInfo is a Ruby timezone library. A security vulnerability exists in TZInfo that stems from its susceptibility to relative path traversal causing TZInfo::Timezone.get to load arbitrary files. The following versions are affected: 0.3.60 and earlier, 1.0.0 through 1.2.9 only when used with the Rub...