CVE-2017-5946 in rubyzip Geminfo

Summary

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

02/09/2017

Disclosure

02/27/2017

Moderation

VulDB entry created

Entries

VDB-97308 (1)

CPE

ready

CWE

CWE-22 (Confirmed)

CVSS

8.1

EPSS

0.05924

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-5946
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-5946
CVE Details	https://www.cvedetails.com/cve/CVE-2017-5946/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!