CVE-2017-5946
Published: Feb 27, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://github.com/rubyzip/rubyzip/releases (x_refsource_CONFIRM)
- 96445 (vdb-entry, x_refsource_BID)
- https://github.com/rubyzip/rubyzip/issues/315 (x_refsource_CONFIRM)
- DSA-3801 (vendor-advisory, x_refsource_DEBIAN)