Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyzip project rubyzip vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-5946
The Zip::File component in the rubyzip gem prior to 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
Rubyzip Project Rubyzip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
632
VMScore
CVE-2019-16892
In Rubyzip prior to 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows malicious users to cause a denial of service (disk consumption).
Rubyzip Project Rubyzip
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Cloudforms 4.7
Redhat Cloudforms 5.11
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started