CVE-2018-1000544
Published: Jun 26, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The rubyzip gem, version 1.2.1 and earlier, contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. The attack appears to be exploitable when a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.
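The check an upload handler can apply to each entry before writing it, shown as an added example that is not code from rubyzip or from this CVE record. It uses only the Ruby standard library; the `Entry` struct, the function names, the destination path and the sample entries are constructed for illustration and stand in for whatever the archive library reports as an entry's name and type.

```ruby
# Constructed stand-in for an archive entry: its stored name and whether it is a symlink.
Entry = Struct.new(:name, :symlink)

# Returns the absolute path the entry may be written to, or nil if it must be rejected.
def safe_target(dest_dir, entry)
  return nil if entry.symlink                        # symlink entries can redirect later writes
  name = entry.name.tr("\\", "/")                    # treat backslashes as path separators
  return nil if name.empty? || name.include?("\0")
  return nil if name.start_with?("/") || name.match?(/\A[A-Za-z]:/) # absolute or drive-letter path
  root = File.expand_path(dest_dir)
  # Joining first yields an absolute path, so expand_path only collapses "." and ".."
  # and never performs "~user" expansion on the attacker-supplied name.
  target = File.expand_path(File.join(root, name))
  # Append the separator so a sibling such as ".../job-10" does not pass as ".../job-1".
  return nil unless target.start_with?(root + File::SEPARATOR)
  target
end

# Maps every entry name to its approved target path, or nil when rejected.
def audit(dest_dir, entries)
  entries.to_h { |e| [e.name, safe_target(dest_dir, e)] }
end

# Constructed sample entries covering the cases named in the description.
SAMPLE = [
  Entry.new("docs/readme.txt", false),
  Entry.new("a/../b.txt", false),
  Entry.new("../../etc/cron.d/job", false),
  Entry.new("/etc/passwd", false),
  Entry.new("../job-10/x", false),
  Entry.new("~nosuchuser/x", false),
  Entry.new("link", true)
].freeze

if __FILE__ == $PROGRAM_NAME
  audit("/srv/uploads/job-1", SAMPLE).each do |name, target|
    puts format("%-24s %s", name, target || "REJECTED")
  end
end
```

The check is lexical, so it assumes the destination directory is freshly created and contains no pre-existing symlinks.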
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/rubyzip/rubyzip/issues/369 (x_refsource_MISC)
RHSA-2018:3466 (vendor-advisory, x_refsource_REDHAT)
[debian-lts-announce] 20180815 [SECURITY] [DLA 1467-1] ruby-zip security update (mailing-list, x_refsource_MLIST)
[debian-lts-announce] 20200801 [SECURITY] [DLA 2307-1] ruby-zip security update (mailing-list, x_refsource_MLIST)