You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Zip::File component has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
Affected versions: All versions
Fixed versions: 1.2.1
Identifier: CVE-2017-5946
Solution: Upgrade to latest version
Credit: ecneladis
Source: https://github.com/rubyzip/rubyzip/issues/315
The text was updated successfully, but these errors were encountered:
Waiting for:
randym/axlsx#513 and randym/axlsx#536
The Zip::File component has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
The text was updated successfully, but these errors were encountered: