CVE-2018-1000544
moderate severity
Vulnerable versions: <= 1.2.1
Patched version: 1.2.2
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem. This is similar to CVE-2017-5946, which was patched in 1.2.1, but the fix in that case was incomplete.
BenFradet changed the title from "EmrEtlRunner: bump transient dependency rubyzip to ~> 1.2,2" to "EmrEtlRunner: bump transient dependency rubyzip to ~> 1.2.2" on Mar 8, 2019
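As an added illustration (not code from rubyzip or from this project), the sketch below shows a destination check a caller can apply to each archive entry before writing it, covering the three cases the advisory names: `../` traversal, absolute pathnames, and symlinks. It uses only the Ruby standard library; `safe_target`, `audit` and the entry list are hypothetical names and constructed sample data.

```ruby
require "pathname"
require "tmpdir"

# Constructed sample entries (name, kind) standing in for a ZIP entry listing.
SAMPLE_ENTRIES = [
  ["docs/readme.txt",      :file],
  ["../../etc/cron.d/job", :file],    # relative traversal out of the root
  ["/tmp/absolute.txt",    :file],    # absolute pathname
  ["link",                 :symlink], # entry that is itself a symlink
  ["link/payload.txt",     :file],    # would be written through a symlink
  ["a/../b/ok.txt",        :file]     # normalises to b/ok.txt, stays inside
].freeze

# Returns the absolute path an entry may be written to, or nil if it must be rejected.
def safe_target(dest_root, name, kind)
  return nil if kind == :symlink                  # never materialise symlink entries
  return nil if name.empty? || name.include?("\0")
  return nil if Pathname.new(name).absolute?

  root   = File.realpath(dest_root)               # resolve symlinks in the root itself
  target = File.expand_path(name, root)           # collapses "." and ".." lexically
  return nil unless target.start_with?(root + File::SEPARATOR)

  # No component between the root and the target may already be a symlink,
  # otherwise the write would follow it out of the extraction directory.
  current = root
  Pathname.new(target).relative_path_from(Pathname.new(root)).each_filename do |part|
    current = File.join(current, part)
    return nil if File.symlink?(current)
  end
  target
end

# Runs the check over the entries inside a throwaway extraction directory.
def audit(entries)
  Dir.mktmpdir("extract") do |root|
    # Constructed: a dangling symlink simulating one planted by an earlier entry.
    File.symlink("/nonexistent-constructed-target", File.join(root, "link"))
    entries.map { |name, kind| [name, safe_target(root, name, kind) ? :allow : :reject] }
  end
end

if $PROGRAM_NAME == __FILE__
  audit(SAMPLE_ENTRIES).each { |name, verdict| puts format("%-24s %s", name, verdict) }
end
```

A check like this complements the upgrade to the patched version; it does not replace it.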