3 matches found
SUSE CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
TZInfo 安全漏洞
TZInfo is a Ruby timezone library. A security vulnerability exists in TZInfo that stems from its susceptibility to relative path traversal causing TZInfo::Timezone.get to load arbitrary files. The following versions are affected: 0.3.60 and earlier, 1.0.0 through 1.2.9 only when used with the Rub...
CVE-2022-31163 TZInfo relative path traversal vulnerability allows loading of arbitrary files
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...