Description
rubyzip gem version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in arbitrary files being written to the filesystem. The attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 1.2.1-1.1~build0.18.04.1 |
| cosmic | not-affected | 1.2.1-1.1 |
| devel | not-affected | 1.2.1-1.1 |
| disco | not-affected | 1.2.1-1.1 |
| eoan | not-affected | 1.2.1-1.1 |
| esm-apps/bionic | released | 1.2.1-1.1~build0.18.04.1 |
| esm-apps/focal | not-affected | 1.2.1-1.1 |
| esm-apps/jammy | not-affected | 1.2.1-1.1 |
| esm-apps/noble | not-affected | 1.2.1-1.1 |
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
Rubyzip gem contains a Directory Traversal vulnerability in zip file component