High severity vulnerability that affects rubyzip

Withdrawn, accidental duplicate publish.

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Published: Jul 31, 2018
Updated: Apr 14, 2023
GHSA: GHSA-3q5q-f79q-7hr2
Severity: High
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
rubyzip	-	1.2.1

No references available.

Vulnerability Database

289,697

High severity vulnerability that affects rubyzip