Rubyzip Project Rubyzip vulnerabilities
3 known vulnerabilities affecting rubyzip_project/rubyzip.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 1
Vulnerabilities
CVE-2019-16892 | MEDIUM | CVSS 5.5 | fixed in 1.3.0 | 2019-09-25
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
nvd
CVE-2018-1000544 | CRITICAL | CVSS 9.8 | ≤ 1.2.1 | 2018-06-26 | CWE-59
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pa
nvd
CVE-2017-5946 | CRITICAL | CVSS 9.8 | fixed in 1.2.1 | 2017-02-27 | CWE-22
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
nvd