Rubyzipproject Rubyzip
By the Year
In 2024 there have been 0 vulnerabilities in Rubyzipproject Rubyzip. Rubyzip did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 5.50 |
2018 | 1 | 9.80 |
It may take a day or so for new Rubyzip vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Rubyzipproject Rubyzip Security Vulnerabilities
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes
CVE-2019-16892
5.5 - Medium
- September 25, 2019
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component
CVE-2018-1000544
9.8 - Critical
- June 26, 2018
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.
insecure temporary file
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability
CVE-2017-5946
9.8 - Critical
- February 27, 2017
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
Directory traversal