rubyzip Project rubyzip 1.0.0 - for Ruby

CPE Details

rubyzip Project rubyzip 1.0.0 - for Ruby
rubyzip_project
rubyzip
1.0.0
2020-05-14
10h31 +00:00
2020-05-14
10h31 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:rubyzip_project:rubyzip:1.0.0:-:*:*:*:ruby:*:*

Informations

Vendor

rubyzip_project

Product

rubyzip

Version

1.0.0

Update

-

Target Software

ruby

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-16892 2019-09-24 22h00 +00:00 In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
5.5
Medium
CVE-2018-1000544 2018-06-26 14h00 +00:00 rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..
9.8
Critical
CVE-2017-5946 2017-02-27 06h25 +00:00 The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
9.8
Critical