CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Published: Feb 27, 2017
Updated: May 9, 2024
CVE: CVE-2017-5946
GHSA: GHSA-gcqq-w6gr-h9j9
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
rubyzip_project / rubyzip	-	1.2.1
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
rubyzip	-	1.2.1

http://www.debian.org/security/2017/dsa-3801
http://www.securityfocus.com/bid/96445
https://github.com/rubyzip/rubyzip/commit/ce4208fdecc2ad079b05d3c49d70fe6ed1d07016
https://github.com/rubyzip/rubyzip/issues/315
https://github.com/rubyzip/rubyzip/releases
https://web.archive.org/web/20200227185727/http://www.securityfocus.com/bid/96445

Vulnerability Database

289,697

CVE-2017-5946