CVE-2018-1000544 in rubyzip #2095

Closed
bear454 opened this issue Aug 30, 2018 · 2 comments
bear454 commented Aug 30, 2018

Security issue from Hakiri: rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. If a site allows uploading of .zip files, an attacker can upload a malicious file which contains symlinks or files with absolute pathnames "../" to write arbitrary files to the...

@bear454 bear454 self-assigned this Aug 30, 2018
bear454 commented Aug 30, 2018

Waiting on rubyzip/rubyzip#376

bear454 commented Aug 31, 2018

Resolved in #2139.

@bear454 bear454 closed this as completed Aug 31, 2018
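
An added example, not rubyzip's code and not the fix referenced in this issue: a pre-extraction check that rejects the entry kinds named in the opening comment (symlinks, absolute pathnames, "../") before anything is written. `ArchiveEntry`, `safe_destination`, `partition_entries` and the sample entries are hypothetical names and constructed data; the check is lexical and assumes the destination is a fresh directory with no pre-existing symlinks.

```ruby
# Constructed stand-in for an archive entry; this is not rubyzip's Zip::Entry.
ArchiveEntry = Struct.new(:name, :symlink)

# Returns the absolute path an entry would be written to, or nil when the
# entry must be skipped because it could land outside dest_root.
def safe_destination(dest_root, entry)
  return nil if entry.symlink                     # a symlink can redirect later writes
  name = entry.name.to_s.gsub('\\', '/')          # treat backslashes as separators too
  return nil if name.empty? || name.include?("\0")
  return nil if name.start_with?('/') || name.match?(/\A[A-Za-z]:/) # absolute pathnames
  root = File.expand_path(dest_root)
  # File.join first, so a leading "~" in the entry name is never home-expanded.
  target = File.expand_path(File.join(root, name)) # collapses "." and ".." lexically
  return nil unless target.start_with?(root + File::SEPARATOR)
  target
end

# Splits entries into [safe, rejected] for a given destination directory.
def partition_entries(dest_root, entries)
  entries.partition { |e| safe_destination(dest_root, e) }
end

# Constructed sample entries, as an uploaded archive might list them.
SAMPLE_ENTRIES = [
  ArchiveEntry.new('docs/readme.txt', false),
  ArchiveEntry.new('a/../b.txt', false),          # ".." that stays inside the root
  ArchiveEntry.new('../../etc/cron.d/job', false),
  ArchiveEntry.new('a/../../b', false),
  ArchiveEntry.new('/etc/passwd', false),
  ArchiveEntry.new("..\\..\\x", false),
  ArchiveEntry.new('link', true)
].freeze

if __FILE__ == $PROGRAM_NAME
  safe, rejected = partition_entries('/srv/extract', SAMPLE_ENTRIES)
  safe.each { |e| puts "extract #{e.name} -> #{safe_destination('/srv/extract', e)}" }
  rejected.each { |e| puts "reject  #{e.name.inspect}" }
end
```

Rejected entries are worth logging with the upload's identity, since a legitimate archive has no reason to contain them.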