Skip to main content

Rubyzip

3 CVEs product

Monthly

CVE-2019-16892 Ruby MEDIUM POC PATCH This Month

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rubyzip Fedora Cloudforms
NVD GitHub
CVSS 3.1
5.5
EPSS
1.6%
CVE-2018-1000544 Ruby CRITICAL POC PATCH Act Now

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Rubyzip Debian Linux Cloudforms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2017-5946 Ruby CRITICAL PATCH Act Now

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rubyzip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rubyzip Fedora +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Rubyzip Debian Linux +1
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rubyzip Debian Linux
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy