Rubyzip Project

rubyzip_project

3 CVEs • 1 product

Products (1)

Rubyzip
rubyzip

CVEs (3)

Vendors (3): Fedoraproject, Redhat, Rubyzip Project
Products (3): Cloudforms, Fedora, Rubyzip
Updated: Nov 21, 2024
Published: Sep 25, 2019
CVSS: N/A (v4); 5.5 MEDIUM (v3); 7.1 HIGH (v2)
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

Vendors (3): Debian, Redhat, Rubyzip Project
Products (3): Cloudforms, Debian Linux, Rubyzip
Updated: Nov 21, 2024
Published: Jun 26, 2018
CVSS: N/A (v4); 9.8 CRITICAL (v3); 7.5 HIGH (v2)
The rubyzip gem, version 1.2.1 and earlier, contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.

Vendors (2): Debian, Rubyzip Project
Products (2): Debian Linux, Rubyzip
Updated: May 13, 2026
Published: Feb 27, 2017
CVSS: N/A (v4); 9.8 CRITICAL (v3); 7.5 HIGH (v2)
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.