Описание
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
Отчет
This issue affects the versions of rubygem-archive-tar-minitar as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update will not address this issue as the software is planned to be removed in a future version of Satellite 6.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 2 | rubygem-archive-tar-minitar | Will not fix | ||
| Red Hat Satellite 6 | ruby193-rubygem-archive-tar-minitar | Will not fix |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
Directory traversal vulnerability in the minitar before 0.6 and archiv ...
5.5 Medium
CVSS3