Search CVE reports



1 – 3 of 3 results


CVE-2019-16892

Medium priority
Vulnerable

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

1 affected package

ruby-zip

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby-zip | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |

CVE-2018-1000544

Medium priority

Some fixes available 1 of 3

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable via If a site...

1 affected package

ruby-zip

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby-zip | Not affected | Not affected | Not affected | Fixed | Vulnerable |

CVE-2017-5946

Medium priority

Some fixes available 1 of 3

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to...

2 affected packages

libzip-ruby, ruby-zip

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libzip-ruby | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-zip | Not affected | Not affected | Not affected | Not affected | Vulnerable |