CVE-2017-1000026

Опубликовано: 17 июл. 2017

Источник: debian

Описание

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ruby-mixlib-archive	fixed	0.4.1-1		package

Примечания

https://github.com/chef/mixlib-archive/pull/6
https://github.com/chef/mixlib-archive/pull/6/commits/3a874a24aed6ee93fbccf97efe0ecc999bafe87d

Связанные уязвимости

CVE-2017-1000026

CVSS3: 7.5

ubuntu

больше 8 лет назад

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries

CVE-2017-1000026

CVSS3: 7.5

nvd

больше 8 лет назад

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries

GHSA-98wx-cw86-c97x

CVSS3: 7.5

github

больше 3 лет назад

mixlib-archive Path Traversal vulnerability