2 matches found
Arbitrary Code Execution
Overview
Affected versions of this package are vulnerable to Arbitrary Code Execution because prepared statements are not used.
Remediation
Upgrade zipruby to version 1.3.1 or higher.
References
- GitHub Commit
- GitHub PR
- Ruby Advisory-db...
[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip
PRE-CERT Security Advisory
==========================
Advisory: PRE-SA-2012-02
Released on: 21st March 2012
Affected products:
  libzip = 0.10
  PHP 5.4.0
  PHP = 5.3.10
  zipruby = 0.3.6
Impact: heap overflow, information leak
Credit:
  - Thomas Klausner
  - Timo Warns PRESENSE Technologies GmbH
CVE...