The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| rubyzip_project | rubyzip | * |
| debian | debian_linux | 8.0 |
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| rubyzip_project | rubyzip | * |
| redhat | cloudforms | 4.6 |
| debian | debian_linux | 8.0 |
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | cloudforms | 5.11 |
| fedoraproject | fedora | 29 |
| fedoraproject | fedora | 31 |
| rubyzip_project | rubyzip | * |
| redhat | cloudforms | 4.7 |
| fedoraproject | fedora | 30 |